CVE-2021-31215

SchedMD Slurm before 20.02.7 and 20.03.x through 20.11.x before 20.11.7 allows remote code execution as SlurmUser because use of a PrologSlurmctld or EpilogSlurmctld script leads to environment mishandling.
ProviderTypeBase ScoreAtk. VectorAtk. ComplexityPriv. RequiredVector
NISTNIST
8.8 HIGH
NETWORK
LOW
LOW
CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H
mitreCNA
---
---
CVEADP
---
---
Base Score
CVSS 3.x
EPSS Score
Percentile: 70%
VendorProductVersion
schedmdslurm
𝑥
< 20.02.7
schedmdslurm
20.11 ≤
𝑥
< 20.11.7
debiandebian_linux
9.0
𝑥
= Vulnerable software versions
Debian logo
Debian Releases
Debian Product
Codename
slurm-wlm
bullseye (security)
20.11.7+really20.11.4-2+deb11u1
fixed
bullseye
20.11.7+really20.11.4-2+deb11u1
fixed
buster
no-dsa
bookworm
22.05.8-4+deb12u2
fixed
bookworm (security)
22.05.8-4+deb12u2
fixed
sid
24.05.2-1
fixed
trixie
24.05.2-1
fixed
Ubuntu logo
Ubuntu Releases
Ubuntu Product
Codename
slurm-llnl
noble
dne
mantic
dne
lunar
dne
kinetic
dne
jammy
dne
impish
dne
hirsute
dne
groovy
ignored
focal
Fixed 19.05.5-1ubuntu0.1~esm1
released
bionic
Fixed 17.11.2-1ubuntu0.1~esm4
released
xenial
Fixed 15.08.7-1ubuntu0.1~esm4
released
trusty
Fixed 2.6.5-1ubuntu0.1~esm5
released
slurm-wlm
noble
not-affected
mantic
not-affected
lunar
not-affected
kinetic
not-affected
jammy
not-affected
impish
Fixed 20.11.7+really20.11.4
released
hirsute
ignored
groovy
dne
focal
dne
bionic
dne
xenial
ignored
trusty
dne
References
https://lists.debian.org/debian-lts-announce/2022/01/msg00011.html
https://lists.fedoraproject.org/archives/list/package-announce%40lists.fedoraproject.org/message/3ODMJQNY4FAV7G3DSKVIO5KY7Q7DKBPU/
https://lists.fedoraproject.org/archives/list/package-announce%40lists.fedoraproject.org/message/PRHTASFAU5FNB2MJOG67YID2ONQS5MCQ/
https://lists.schedmd.com/pipermail/slurm-announce/2021/000055.html
https://www.schedmd.com/news.php?id=248#OPT_248
https://lists.debian.org/debian-lts-announce/2022/01/msg00011.html
https://lists.fedoraproject.org/archives/list/package-announce%40lists.fedoraproject.org/message/3ODMJQNY4FAV7G3DSKVIO5KY7Q7DKBPU/
https://lists.fedoraproject.org/archives/list/package-announce%40lists.fedoraproject.org/message/PRHTASFAU5FNB2MJOG67YID2ONQS5MCQ/
https://lists.schedmd.com/pipermail/slurm-announce/2021/000055.html
https://www.schedmd.com/news.php?id=248#OPT_248