CVE-2021-43337

SchedMD Slurm 21.08.* before 21.08.4 has Incorrect Access Control. On sites using the new AccountingStoreFlags=job_script and/or job_env options, the access control rules in SlurmDBD may permit users to request job scripts and environment files to which they should not have access.
ProviderTypeBase ScoreAtk. VectorAtk. ComplexityPriv. RequiredVector
NISTNIST
6.5 MEDIUM
NETWORK
LOW
LOW
CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:H/I:N/A:N
mitreCNA
---
---
CVEADP
---
---
Base Score
CVSS 3.x
EPSS Score
Percentile: 66%
VendorProductVersion
schedmdslurm
21.08.0 ≤
𝑥
< 21.08.4
𝑥
= Vulnerable software versions
Debian logo
Debian Releases
Debian Product
Codename
slurm-wlm
bullseye (security)
20.11.7+really20.11.4-2+deb11u1
fixed
bullseye
20.11.7+really20.11.4-2+deb11u1
fixed
bookworm
22.05.8-4+deb12u2
fixed
bookworm (security)
22.05.8-4+deb12u2
fixed
sid
24.05.2-1
fixed
trixie
24.05.2-1
fixed
Ubuntu logo
Ubuntu Releases
Ubuntu Product
Codename
slurm-wlm
jammy
not-affected
impish
not-affected
hirsute
ignored
focal
dne
bionic
dne
xenial
ignored
trusty
ignored
References
https://lists.fedoraproject.org/archives/list/package-announce%40lists.fedoraproject.org/message/5VY34WSSPRPA6MISNYBZWHSGX2SYSEEE/
https://lists.fedoraproject.org/archives/list/package-announce%40lists.fedoraproject.org/message/DUWNGDQTS7AWFI7FIHUWQOYJSD2IQTCG/
https://lists.schedmd.com/pipermail/slurm-announce/
https://lists.schedmd.com/pipermail/slurm-announce/2021/000068.html
https://www.schedmd.com/news.php
https://www.schedmd.com/news.php?id=256
https://lists.fedoraproject.org/archives/list/package-announce%40lists.fedoraproject.org/message/5VY34WSSPRPA6MISNYBZWHSGX2SYSEEE/
https://lists.fedoraproject.org/archives/list/package-announce%40lists.fedoraproject.org/message/DUWNGDQTS7AWFI7FIHUWQOYJSD2IQTCG/
https://lists.schedmd.com/pipermail/slurm-announce/
https://lists.schedmd.com/pipermail/slurm-announce/2021/000068.html
https://www.schedmd.com/news.php
https://www.schedmd.com/news.php?id=256