ID CVE-2020-12693
Summary Slurm 19.05.x before 19.05.7 and 20.02.x before 20.02.3, in the rare case where Message Aggregation is enabled, allows Authentication Bypass via an Alternate Path or Channel. A race condition allows a user to launch a process as an arbitrary user.
References
Vulnerable Configurations
  • cpe:2.3:a:schedmd:slurm:19.05.0:*:*:*:*:*:*:*
    cpe:2.3:a:schedmd:slurm:19.05.0:*:*:*:*:*:*:*
  • cpe:2.3:a:schedmd:slurm:19.05.0.0:pre1:*:*:*:*:*:*
    cpe:2.3:a:schedmd:slurm:19.05.0.0:pre1:*:*:*:*:*:*
  • cpe:2.3:a:schedmd:slurm:19.05.0.0:pre2:*:*:*:*:*:*
    cpe:2.3:a:schedmd:slurm:19.05.0.0:pre2:*:*:*:*:*:*
  • cpe:2.3:a:schedmd:slurm:19.05.0.0:pre3:*:*:*:*:*:*
    cpe:2.3:a:schedmd:slurm:19.05.0.0:pre3:*:*:*:*:*:*
  • cpe:2.3:a:schedmd:slurm:19.05.0.0:rc1:*:*:*:*:*:*
    cpe:2.3:a:schedmd:slurm:19.05.0.0:rc1:*:*:*:*:*:*
  • cpe:2.3:a:schedmd:slurm:19.05.0.1:*:*:*:*:*:*:*
    cpe:2.3:a:schedmd:slurm:19.05.0.1:*:*:*:*:*:*:*
  • cpe:2.3:a:schedmd:slurm:19.05.1.1:*:*:*:*:*:*:*
    cpe:2.3:a:schedmd:slurm:19.05.1.1:*:*:*:*:*:*:*
  • cpe:2.3:a:schedmd:slurm:19.05.1.2:*:*:*:*:*:*:*
    cpe:2.3:a:schedmd:slurm:19.05.1.2:*:*:*:*:*:*:*
  • cpe:2.3:a:schedmd:slurm:19.05.2.1:*:*:*:*:*:*:*
    cpe:2.3:a:schedmd:slurm:19.05.2.1:*:*:*:*:*:*:*
  • cpe:2.3:a:schedmd:slurm:19.05.3.1:*:*:*:*:*:*:*
    cpe:2.3:a:schedmd:slurm:19.05.3.1:*:*:*:*:*:*:*
  • cpe:2.3:a:schedmd:slurm:19.05.3.2:*:*:*:*:*:*:*
    cpe:2.3:a:schedmd:slurm:19.05.3.2:*:*:*:*:*:*:*
  • cpe:2.3:a:schedmd:slurm:19.05.4.1:*:*:*:*:*:*:*
    cpe:2.3:a:schedmd:slurm:19.05.4.1:*:*:*:*:*:*:*
  • cpe:2.3:a:schedmd:slurm:19.05.5:*:*:*:*:*:*:*
    cpe:2.3:a:schedmd:slurm:19.05.5:*:*:*:*:*:*:*
  • cpe:2.3:a:schedmd:slurm:19.05.5.1:*:*:*:*:*:*:*
    cpe:2.3:a:schedmd:slurm:19.05.5.1:*:*:*:*:*:*:*
  • cpe:2.3:a:schedmd:slurm:20.02.0:-:*:*:*:*:*:*
    cpe:2.3:a:schedmd:slurm:20.02.0:-:*:*:*:*:*:*
  • cpe:2.3:a:schedmd:slurm:20.02.0.0:pre1:*:*:*:*:*:*
    cpe:2.3:a:schedmd:slurm:20.02.0.0:pre1:*:*:*:*:*:*
CVSS
Base: 5.1 (as of 19-09-2020 - 18:15)
Impact:
Exploitability:
CWE NVD-CWE-Other
CAPEC
Access
VectorComplexityAuthentication
NETWORK HIGH NONE
Impact
ConfidentialityIntegrityAvailability
PARTIAL PARTIAL PARTIAL
cvss-vector via4 AV:N/AC:H/Au:N/C:P/I:P/A:P
refmap via4
confirm
fedora
  • FEDORA-2020-11d0cf302f
  • FEDORA-2020-e95ef17134
suse
  • openSUSE-SU-2020:1421
  • openSUSE-SU-2020:1468
Last major update 19-09-2020 - 18:15
Published 21-05-2020 - 23:15
Last modified 19-09-2020 - 18:15
Back to Top