Vulnerability Monitor

The vendors, products, and vulnerabilities you care about

CVE-2024-48936

SchedMD Slurm before 24.05.4 has Incorrect Authorization. A mistake in authentication handling in stepmgr could permit an attacker to execute processes under other users' jobs. This is limited to jobs explicitly running with --stepmgr, or on systems that have globally enabled stepmgr via SlurmctldParameters=enable_stepmgr in their configuration.

Published

2024-10-28T04:15:02.900

Last Modified

2025-04-17T18:52:54.900

Status

Analyzed

Source

[email protected]

Severity

CVSSv3.1: 5.0 (MEDIUM)

Weaknesses

Type: Secondary
CWE-863

Affected Vendors & Products

Type	Vendor	Product	Version/Range	Vulnerable?
Application	schedmd	slurm	< 24.05.4	Yes

References

https://lists.schedmd.com/mailman3/hyperkitty/list/slurm-announce%40lists.schedmd.com/message/44MFMN7R35YZFWTNO43R2754W5B5XUAI/ Mailing List ([email protected])
https://lists.schedmd.com/pipermail/slurm-announce/2024/date.html Mailing List ([email protected])
https://www.schedmd.com/security-policy/ Product ([email protected])