CVE-2021-43337

EUVD-2021-30275
SchedMD Slurm 21.08.* before 21.08.4 has Incorrect Access Control. On sites using the new AccountingStoreFlags=job_script and/or job_env options, the access control rules in SlurmDBD may permit users to request job scripts and environment files to which they should not have access.
ProviderTypeBase ScoreAtk. VectorAtk. ComplexityPriv. RequiredVector
NISTPrimary
6.5 MEDIUM
NETWORK
LOW
LOW
CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:H/I:N/A:N
Base Score
CVSS 3.x
EPSS Score
Percentile: 66%
Affected Products (NVD)
VendorProductVersion
schedmdslurm
21.08.0 ≤
𝑥
< 21.08.4
𝑥
= Vulnerable software versions
Debian logo
Debian Releases
Debian Product
Codename
slurm-wlm
bookworm
22.05.8-4+deb12u2
fixed
bookworm (security)
22.05.8-4+deb12u2
fixed
bullseye
20.11.7+really20.11.4-2+deb11u1
fixed
bullseye (security)
20.11.7+really20.11.4-2+deb11u1
fixed
sid
24.05.2-1
fixed
trixie
24.05.2-1
fixed
Ubuntu logo
Ubuntu Releases
Ubuntu Product
Codename
slurm-wlm
bionic
dne
focal
dne
hirsute
ignored
impish
not-affected
jammy
not-affected
trusty
ignored
xenial
ignored
References
https://lists.fedoraproject.org/archives/list/package-announce%40lists.fedoraproject.org/message/5VY34WSSPRPA6MISNYBZWHSGX2SYSEEE/
https://lists.fedoraproject.org/archives/list/package-announce%40lists.fedoraproject.org/message/DUWNGDQTS7AWFI7FIHUWQOYJSD2IQTCG/
https://lists.schedmd.com/pipermail/slurm-announce/
https://lists.schedmd.com/pipermail/slurm-announce/2021/000068.html
https://www.schedmd.com/news.php
https://www.schedmd.com/news.php?id=256
https://lists.fedoraproject.org/archives/list/package-announce%40lists.fedoraproject.org/message/5VY34WSSPRPA6MISNYBZWHSGX2SYSEEE/
https://lists.fedoraproject.org/archives/list/package-announce%40lists.fedoraproject.org/message/DUWNGDQTS7AWFI7FIHUWQOYJSD2IQTCG/
https://lists.schedmd.com/pipermail/slurm-announce/
https://lists.schedmd.com/pipermail/slurm-announce/2021/000068.html
https://www.schedmd.com/news.php
https://www.schedmd.com/news.php?id=256