CVE-2020-12693 Information

Feb 14, 2021 cve

Description

Slurm 19.05.x before 19.05.7 and 20.02.x before 20.02.3 in the rare case where Message Aggregation is enabled allows Authentication Bypass via an Alternate Path or Channel. A race condition allows a user to launch a process as an arbitrary user.

CVSS Vector

CVSS:3.1/AV:N/AC:H/PR:N/UI:N/S:U/C:H/I:H/A:H

Reference

http://lists.opensuse.org/opensuse-security-announce/2020-09/msg00035.html http://lists.opensuse.org/opensuse-security-announce/2020-09/msg00063.html https://lists.fedoraproject.org/archives/list/package-announce@lists.fedoraproject.org/message/KNL5E5SK4WP6M3DKU4IKW2NPQD2XTZ4Y/ https://lists.fedoraproject.org/archives/list/package-announce@lists.fedoraproject.org/message/T3RGQB3EWDLOLTSPAJPPWZEPQK3O3AUH/ https://lists.schedmd.com/pipermail/slurm-announce/2020/000036.html https://www.schedmd.com/news.php?id=236

Attack Complexity

HIGH

Privileges Required

NONE

User Interaction Required

NONE

Scope

NONE

Confidentiality Impact

UNCHANGED

Integrity Impact

HIGH

Availability Impact

HIGH

Base Score

HIGH

Base Severity

8.1

Share on: