CVE-2024-48936 Information

Description

SchedMD Slurm before 24.05.4 has Incorrect Authorization. A mistake in authentication handling in stepmgr could permit an attacker to execute processes under other users’ jobs. This is limited to jobs explicitly running with –stepmgr or on systems that have globally enabled stepmgr via SlurmctldParameters=enable_stepmgr in their configuration.

Reference

https://www.schedmd.com/security-policy/ https://lists.schedmd.com/pipermail/slurm-announce/2024/date.html https://lists.schedmd.com/mailman3/hyperkitty/list/slurm-announce%40lists.schedmd.com/message/44MFMN7R35YZFWTNO43R2754W5B5XUAI/