CVE-2017-15566
HIGH
SchedMD Slurm Privilege Escalation via SPANK Environment Variable Handling
Title source: llm
Description
Insecure SPANK environment variable handling exists in SchedMD Slurm before 16.05.11, 17.x before 17.02.9, and 17.11.x before 17.11.0rc2, allowing privilege escalation to root during Prolog or Epilog execution.
References (3)
Core References
Third Party Advisory, VDB Entry (vdb-entry, x_refsource_bid)
http://www.securityfocus.com/bid/101675
Vendor Advisory (x_refsource_confirm)
https://www.schedmd.com/news.php?id=193#OPT_193
Third Party Advisory (vendor-advisory, x_refsource_debian)
https://www.debian.org/security/2017/dsa-4023
Scores
CVSS v3: 7.8
EPSS: 0.0058
EPSS Percentile: 42.9%
Attack Vector: LOCAL
CVSS Vector: CVSS:3.0/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H
Details
CWE: CWE-426
Status: published
Products (2):
schedmd/slurm 17.11.0 rc1
schedmd/slurm < 16.05.11
Published: Nov 01, 2017
Tracked Since: Feb 18, 2026