CVE-2020-27746

LOW

Slurm < 19.05.8 and 20.x < 20.02.6 - Sensitive Information Exposure via X11 Magic Cookie Race Condition

Title source: llm
STIX 2.1

Description

Slurm before 19.05.8 and 20.x before 20.02.6 exposes Sensitive Information to an Unauthorized Actor because xauth for X11 magic cookies is affected by a race condition in a read operation on the /proc filesystem.

References (2)

Core 2
Core References
Patch, Vendor Advisory x_refsource_misc
https://www.schedmd.com/news.php
Third Party Advisory vendor-advisory x_refsource_debian
https://www.debian.org/security/2021/dsa-4841

Scores

CVSS v3 3.7
EPSS 0.0082
EPSS Percentile 52.6%
Attack Vector NETWORK
CVSS:3.1/AV:N/AC:H/PR:N/UI:N/S:U/C:L/I:N/A:N

Details

CWE
CWE-362
Status published
Products (2)
debian/debian_linux 10.0
schedmd/slurm < 19.05.8
Published Nov 27, 2020
Tracked Since Feb 18, 2026