Vulnerability Monitor

The vendors, products, and vulnerabilities you care about

CVE-2023-49933

An issue was discovered in SchedMD Slurm 22.05.x, 23.02.x, and 23.11.x. There is Improper Enforcement of Message Integrity During Transmission in a Communication Channel. This allows attackers to modify RPC traffic in a way that bypasses message hash checks. The fixed versions are 22.05.11, 23.02.7, and 23.11.1.

Published

2023-12-14T05:15:08.810

Last Modified

2024-11-21T08:34:02.130

Status

Modified

Source

[email protected]

Severity

CVSSv3.1: 7.5 (HIGH)

Weaknesses

Type: Primary
CWE-924

Affected Vendors & Products

Type	Vendor	Product	Version/Range	Vulnerable?
Application	schedmd	slurm	< 22.05.12	Yes
Application	schedmd	slurm	< 23.02.7	Yes
Application	schedmd	slurm	23.11	Yes
Application	schedmd	slurm	23.11	Yes

References

https://lists.fedoraproject.org/archives/list/package-announce%40lists.fedoraproject.org/message/63FEDDYEE2WK7FHWBHKON3OZVQI56WSQ/ ([email protected])
https://lists.fedoraproject.org/archives/list/package-announce%40lists.fedoraproject.org/message/AYQS3LFGC4HE4WCW4L3NAA2I6FRIWMNO/ ([email protected])
https://lists.schedmd.com/pipermail/slurm-announce/2023/000103.html Mailing List, Vendor Advisory ([email protected])
https://www.schedmd.com/security-archive.php Vendor Advisory ([email protected])
https://lists.fedoraproject.org/archives/list/package-announce%40lists.fedoraproject.org/message/63FEDDYEE2WK7FHWBHKON3OZVQI56WSQ/ (af854a3a-2127-422b-91ae-364da2661108)
https://lists.fedoraproject.org/archives/list/package-announce%40lists.fedoraproject.org/message/AYQS3LFGC4HE4WCW4L3NAA2I6FRIWMNO/ (af854a3a-2127-422b-91ae-364da2661108)
https://lists.schedmd.com/pipermail/slurm-announce/2023/000103.html Mailing List, Vendor Advisory (af854a3a-2127-422b-91ae-364da2661108)
https://www.schedmd.com/security-archive.php Vendor Advisory (af854a3a-2127-422b-91ae-364da2661108)