CVE-2020-12693

high

Description

Slurm 19.05.x before 19.05.7 and 20.02.x before 20.02.3, in the rare case where Message Aggregation is enabled, allows Authentication Bypass via an Alternate Path or Channel. A race condition allows a user to launch a process as an arbitrary user.

References

http://lists.opensuse.org/opensuse-security-announce/2020-09/msg00035.html

http://lists.opensuse.org/opensuse-security-announce/2020-09/msg00063.html

https://lists.fedoraproject.org/archives/list/[email protected]/message/KNL5E5SK4WP6M3DKU4IKW2NPQD2XTZ4Y/

https://lists.fedoraproject.org/archives/list/[email protected]/message/T3RGQB3EWDLOLTSPAJPPWZEPQK3O3AUH/

https://lists.schedmd.com/pipermail/slurm-announce/2020/000036.html

https://www.debian.org/security/2021/dsa-4841

https://www.schedmd.com/news.php?id=236

Details

Source: MITRE

Published: 2020-05-21

Updated: 2021-01-28

Risk Information

CVSS v2

Base Score: 5.1

Vector: AV:N/AC:H/Au:N/C:P/I:P/A:P

Impact Score: 6.4

Exploitability Score: 4.9

Severity: MEDIUM

CVSS v3

Base Score: 8.1

Vector: CVSS:3.1/AV:N/AC:H/PR:N/UI:N/S:U/C:H/I:H/A:H

Impact Score: 5.9

Exploitability Score: 2.2

Severity: HIGH

Tenable Plugins

View all (15 total)

| ID | Name | Product | Family | Severity |
|---|---|---|---|---|
| 156773 | Debian DLA-2886-1 : slurm-llnl - LTS security update | Nessus | Debian Local Security Checks | critical |
| 147801 | SUSE SLES12 Security Update : slurm_20_11 / pdsh (SUSE-SU-2021:0773-1) | Nessus | SuSE Local Security Checks | high |
| 145523 | Debian DSA-4841-1 : slurm-llnl - security update | Nessus | Debian Local Security Checks | critical |
| 143870 | SUSE SLES12 Security Update : pdsh, slurm_20_02 (SUSE-SU-2020:2607-1) | Nessus | SuSE Local Security Checks | high |
| 143146 | openSUSE Security Update : slurm_18_08 (openSUSE-2020-1969) | Nessus | SuSE Local Security Checks | high |
| 140689 | openSUSE Security Update : slurm_18_08 (openSUSE-2020-1468) | Nessus | SuSE Local Security Checks | high |
| 140574 | openSUSE Security Update : slurm (openSUSE-2020-1421) | Nessus | SuSE Local Security Checks | high |
| 140515 | SUSE SLES15 Security Update : slurm (SUSE-SU-2020:2602-1) | Nessus | SuSE Local Security Checks | high |
| 140514 | SUSE SLES12 Security Update : slurm (SUSE-SU-2020:2601-1) | Nessus | SuSE Local Security Checks | high |
| 140513 | SUSE SLES12 Security Update : slurm_18_08 (SUSE-SU-2020:2600-1) | Nessus | SuSE Local Security Checks | high |
| 140512 | SUSE SLES15 Security Update : slurm (SUSE-SU-2020:2598-1) | Nessus | SuSE Local Security Checks | high |
| 139532 | SUSE SLES12 Security Update : dpdk (SUSE-SU-2020:2194-1) | Nessus | SuSE Local Security Checks | high |
| 137593 | SUSE SLES15 Security Update : slurm_20_02 (SUSE-SU-2020:1554-1) | Nessus | SuSE Local Security Checks | high |
| 137123 | Fedora 32 : slurm (2020-e95ef17134) | Nessus | Fedora Local Security Checks | high |
| 137105 | Fedora 31 : slurm (2020-11d0cf302f) | Nessus | Fedora Local Security Checks | high |