First published: Mon Jan 13 2020(Updated: )
SchedMD Slurm before 18.08.9 and 19.x before 19.05.5 executes srun --uid with incorrect privileges.
Credit: cve@mitre.org
Affected Software | Affected Version | How to fix |
---|---|---|
SchedMD Slurm | <18.08.9 | |
SchedMD Slurm | >=19.05.0<19.05.5 | |
openSUSE Leap | =15.1 | |
Debian Debian Linux | =10.0 | |
debian/slurm-llnl | 18.08.5.2-1+deb10u2 |
Sign up to SecAlerts for real-time vulnerability data matched to your software, aggregated from hundreds of sources.
CVE-2019-19728 is a vulnerability in SchedMD Slurm before version 18.08.9 and 19.x before version 19.05.5 that allows execution of srun --uid with incorrect privileges.
CVE-2019-19728 has a severity level of high, with a severity value of 7.5.
CVE-2019-19728 affects SchedMD Slurm versions before 18.08.9 and 19.x before 19.05.5, allowing the execution of srun --uid with incorrect privileges.
To fix CVE-2019-19728, users should update to SchedMD Slurm version 18.08.9 or 19.05.5.
Yes, you can find more information about CVE-2019-19728 at the following references: [https://github.com/SchedMD/slurm/commit/5ac031b2ef5462f6e8e47dad0247bd474614c118](reference 1), [https://bugzilla.suse.com/show_bug.cgi?id=1159692](reference 2), [https://bugs.schedmd.com/show_bug.cgi?id=8084](reference 3).