摘要:
SchedMD Slurm before 24.05.4 has Incorrect Authorization. A mistake in authentication handling in stepmgr could permit an attacker to execute processes under other users' jobs. This is limited to jobs explicitly running with --stepmgr, or on systems that have globally enabled stepmgr via SlurmctldParameters=enable_stepmgr in their configuration.
安全等级: Low
公告ID: KylinSec-SA-2024-4362
发布日期: 2024年12月16日
关联CVE: CVE-2024-48936
SchedMD Slurm before 24.05.4 has Incorrect Authorization. A mistake in authentication handling in stepmgr could permit an attacker to execute processes under other users' jobs. This is limited to jobs explicitly running with --stepmgr, or on systems that have globally enabled stepmgr via SlurmctldParameters=enable_stepmgr in their configuration.
| cve名称 | 产品 | 组件 | 是否受影响 |
|---|---|---|---|
| CVE-2024-48936 | KY3.4-5 | slurm | Unaffected |
| CVE-2024-48936 | KY3.5.2 | slurm | Unaffected |
| CVE-2024-48936 | V6 | slurm | Unaffected |
