
Bug 942684 (CVE-2024-48936)

Summary: <sys-cluster/slurm-24.05.4 vulnerability (CVE-2024-48936)
Product: Gentoo Security Reporter: foufou33
Component: Vulnerabilities Assignee: Gentoo Security <security>
Status: UNCONFIRMED ---    
Severity: normal CC: alexxy, cluster
Priority: Normal    
Version: unspecified   
Hardware: All   
OS: Linux   
URL: https://security-tracker.debian.org/tracker/CVE-2024-48936
Whiteboard:
Package list:
Runtime testing required: ---

Description foufou33 2024-11-01 20:27:59 UTC
From Debian's security tracker:
Description: SchedMD Slurm before 24.05.4 has Incorrect Authorization. A mistake in authentication handling in stepmgr could permit an attacker to execute processes under other users' jobs. This is limited to jobs explicitly running with --stepmgr, or on systems that have globally enabled stepmgr via SlurmctldParameters=enable_stepmgr in their configuration.

Upstream's release announcement is here:
https://www.schedmd.com/slurm-version-24-05-4-is-now-available/

Reproducible: Always
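
Added example (not part of the bug report, and not Gentoo or SchedMD code): a triage check that applies the two conditions quoted in the description, the installed version against 24.05.4 and the presence of enable_stepmgr in SlurmctldParameters. The function names, result labels and the sample slurm.conf text are constructed for illustration; per-job use of --stepmgr cannot be seen from the configuration file and is reported as a separate state.

```python
import re

FIXED = (24, 5, 4)  # first fixed release named in the advisory text


def parse_version(text):
    """Extract (major, minor, patch) from e.g. 'sys-cluster/slurm-24.05.3'."""
    m = re.search(r"(\d+)\.(\d+)\.(\d+)", text)
    if not m:
        raise ValueError(f"no x.y.z version found in {text!r}")
    return tuple(int(part) for part in m.groups())


def slurmctld_parameters(conf_text):
    """Collect the comma-separated SlurmctldParameters options from slurm.conf text."""
    options = set()
    for line in conf_text.splitlines():
        line = line.split("#", 1)[0].strip()      # strip comments
        key, sep, value = line.partition("=")
        # slurm.conf parameter names are case-insensitive
        if sep and key.strip().lower() == "slurmctldparameters":
            options.update(o.strip().lower() for o in value.split(",") if o.strip())
    return options


def assess(version_text, conf_text):
    """Classify a host against the conditions stated for CVE-2024-48936."""
    if parse_version(version_text) >= FIXED:
        return "fixed"
    if "enable_stepmgr" in slurmctld_parameters(conf_text):
        return "exposed-globally"        # stepmgr enabled for every job
    return "exposed-per-job"             # only jobs submitted with --stepmgr


# Constructed sample configuration, not taken from any real cluster.
SAMPLE_CONF = """\
ClusterName=demo
# SlurmctldParameters=enable_stepmgr   (commented out, must be ignored)
slurmctldparameters = idle_on_node_suspend , Enable_StepMgr
"""

if __name__ == "__main__":
    for pkg in ("sys-cluster/slurm-24.05.3", "sys-cluster/slurm-24.05.4"):
        print(pkg, "->", assess(pkg, SAMPLE_CONF))
```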