First published: Thu May 13 2021(Updated: )
SchedMD Slurm before 20.02.7 and 20.03.x through 20.11.x before 20.11.7 allows remote code execution as SlurmUser because use of a PrologSlurmctld or EpilogSlurmctld script leads to environment mishandling.
Credit: cve@mitre.org
Affected Software | Affected Version | How to fix |
---|---|---|
SchedMD Slurm | <20.02.7 | |
SchedMD Slurm | >=20.11<20.11.7 | |
Fedoraproject Fedora | =33 | |
Fedoraproject Fedora | =34 | |
Debian Debian Linux | =9.0 |
Sign up to SecAlerts for real-time vulnerability data matched to your software, aggregated from hundreds of sources.
CVE-2021-31215 is a vulnerability in SchedMD Slurm before version 20.02.7 and 20.03.x through 20.11.x before 20.11.7 that allows remote code execution.
CVE-2021-31215 allows remote code execution by mishandling the environment when a PrologSlurmctld or EpilogSlurmctld script is used.
CVE-2021-31215 has a severity level of 8.8 (high).
CVE-2021-31215 affects SchedMD Slurm versions before 20.02.7 and versions 20.03.x through 20.11.x before 20.11.7.
Yes, you can find references for CVE-2021-31215 at the following links: [Link1](https://lists.debian.org/debian-lts-announce/2022/01/msg00011.html) and [Link2](https://lists.fedoraproject.org/archives/list/package-announce@lists.fedoraproject.org/message/3ODMJQNY4FAV7G3DSKVIO5KY7Q7DKBPU/).