First published: Wed Nov 17 2021
SchedMD Slurm 21.08.* before 21.08.4 has Incorrect Access Control. On sites using the new AccountingStoreFlags=job_script and/or job_env options, the access control rules in SlurmDBD may permit users to request job scripts and environment files to which they should not have access.
Credit: cve@mitre.org
Affected Software | Affected Version | How to fix |
---|---|---|
SchedMD Slurm | >=21.08.0, <21.08.4 | |
Fedoraproject Fedora | =34 | |
Fedoraproject Fedora | =35 | |
CVE-2021-43337 is an incorrect access control vulnerability in SchedMD Slurm 21.08.* before 21.08.4 that may allow unauthorized access to job scripts and environment files.
The severity of CVE-2021-43337 is medium with a CVSS score of 6.5.
CVE-2021-43337 impacts SchedMD Slurm 21.08.* versions before 21.08.4: on sites using the AccountingStoreFlags=job_script and/or job_env options, users may be able to request job scripts and environment files they should not have access to.
To fix CVE-2021-43337, update SchedMD Slurm to version 21.08.4 or later.
More information about CVE-2021-43337 is available at the following references: [1](https://lists.fedoraproject.org/archives/list/package-announce@lists.fedoraproject.org/message/5VY34WSSPRPA6MISNYBZWHSGX2SYSEEE/), [2](https://lists.fedoraproject.org/archives/list/package-announce@lists.fedoraproject.org/message/DUWNGDQTS7AWFI7FIHUWQOYJSD2IQTCG/), [3](https://lists.schedmd.com/pipermail/slurm-announce/)
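
The description above gives two conditions for exposure: a 21.08.* release before 21.08.4, and AccountingStoreFlags containing job_script and/or job_env. The following audit check is an added example, not SchedMD or SecAlerts code; the function names and the sample slurm.conf fragment are constructed for illustration, and the version string is assumed to look like the output of `sinfo --version`.

```python
import re

FIXED = (21, 8, 4)                       # first fixed release named in the advisory
RISKY_FLAGS = {"job_script", "job_env"}  # options the advisory ties to the flaw

def parse_version(text):
    """Pull (major, minor, micro) out of e.g. 'slurm 21.08.3' or '21.08.3-1.fc35'."""
    m = re.search(r"(\d+)\.(\d+)\.(\d+)", text)
    if not m:
        raise ValueError(f"no Slurm version found in {text!r}")
    return tuple(int(part) for part in m.groups())

def version_affected(text):
    """True only for the 21.08 series before 21.08.4."""
    v = parse_version(text)
    return v[:2] == FIXED[:2] and v < FIXED

def risky_store_flags(conf_text):
    """Return the job_script/job_env flags set via AccountingStoreFlags.

    Keys and values are matched case-insensitively and comments are dropped.
    If the key appears more than once the flags are unioned (a conservative
    choice for an audit). Include files are not followed.
    """
    flags = set()
    for raw in conf_text.splitlines():
        line = raw.split("#", 1)[0].strip()
        m = re.match(r"AccountingStoreFlags\s*=\s*(\S+)", line, re.IGNORECASE)
        if m:
            flags |= {f.strip().lower() for f in m.group(1).split(",")}
    return flags & RISKY_FLAGS

def exposed(version_text, conf_text):
    """Affected release AND at least one of the risky flags enabled."""
    return version_affected(version_text) and bool(risky_store_flags(conf_text))

# Constructed sample slurm.conf fragment (not from a real site).
SAMPLE_CONF = """\
ClusterName=demo
AccountingStorageType=accounting_storage/slurmdbd
#AccountingStoreFlags=job_env
AccountingStoreFlags=job_comment,job_script   # keep scripts for audits
"""

if __name__ == "__main__":
    for ver in ("slurm 21.08.3", "slurm 21.08.4", "slurm 20.11.8"):
        print(ver, "->", "exposed" if exposed(ver, SAMPLE_CONF) else "not exposed")
```

A "not exposed" result only reflects the two conditions stated on this page; it does not cover other Slurm advisories.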