First published: Fri Nov 27 2020(Updated: )
Slurm before 19.05.8 and 20.x before 20.02.6 exposes Sensitive Information to an Unauthorized Actor because xauth for X11 magic cookies is affected by a race condition in a read operation on the /proc filesystem.
Credit: cve@mitre.org
Affected Software | Affected Version | How to fix |
---|---|---|
SchedMD Slurm | <19.05.8 | |
SchedMD Slurm | >=20.0.0<20.02.6 | |
Debian Debian Linux | =10.0 | |
debian/slurm-llnl | 18.08.5.2-1+deb10u2 | |
debian/slurm-wlm | 20.11.7+really20.11.4-2+deb11u1 22.05.8-4 22.05.8-4+deb12u1 23.02.3-2 23.02.6-1 |
Sign up to SecAlerts for real-time vulnerability data matched to your software, aggregated from hundreds of sources.
CVE-2020-27746 is a vulnerability in Slurm where sensitive information can be exposed to an unauthorized actor due to a race condition in a read operation on the /proc filesystem.
CVE-2020-27746 affects Slurm versions before 19.05.8 and 20.x before 20.02.6.
CVE-2020-27746 affects SchedMD Slurm versions before 19.05.8 and 20.x before 20.02.6, as well as Debian Debian Linux version 10.0.
CVE-2020-27746 has a severity rating of medium, with a severity value of 3.7.
To fix CVE-2020-27746, upgrade to Slurm version 19.05.8 or 20.02.6, or apply the appropriate remedy provided by the Debian security advisory DSA-4841.