CVE-2024-48936

MEDIUM

Slurm < 24.05.4 - Incorrect Authorization via Step Manager

Description

SchedMD Slurm before 24.05.4 has Incorrect Authorization. A mistake in authentication handling in stepmgr could permit an attacker to execute processes under other users' jobs. This is limited to jobs explicitly running with --stepmgr, or on systems that have globally enabled stepmgr via SlurmctldParameters=enable_stepmgr in their configuration.

Scores

CVSS v3 5.0
EPSS 0.0034
EPSS Percentile 25.2%
Attack Vector NETWORK
CVSS:3.1/AV:N/AC:H/PR:L/UI:N/S:U/C:L/I:L/A:L

CISA SSVC

Vulnrichment
Exploitation none
Automatable no
Technical Impact partial

Details

CWE
CWE-863
Status published
Products (1)
schedmd/slurm < 24.05.4
Published Oct 28, 2024
Tracked Since Feb 18, 2026