Vulnerability Name: CVE-2020-27746 (CCN-192397)

Assigned: 2020-11-17
Published: 2020-11-17
Updated: 2022-05-03
Summary: Slurm before 19.05.8 and 20.x before 20.02.6 exposes Sensitive Information to an Unauthorized Actor because xauth for X11 magic cookies is affected by a race condition in a read operation on the /proc filesystem.

CVSS v3 Severity:
3.7 Low (CVSS v3.1 Vector: CVSS:3.1/AV:N/AC:H/PR:N/UI:N/S:U/C:L/I:N/A:N)
3.2 Low (Temporal CVSS v3.1 Vector: CVSS:3.1/AV:N/AC:H/PR:N/UI:N/S:U/C:L/I:N/A:N/E:U/RL:O/RC:C)
Exploitability Metrics:
  • Attack Vector (AV): Network
  • Attack Complexity (AC): High
  • Privileges Required (PR): None
  • User Interaction (UI): None
Scope:
  • Scope (S): Unchanged
Impact Metrics:
  • Confidentiality (C): Low
  • Integrity (I): None
  • Availability (A): None

5.3 Medium (CCN CVSS v3.1 Vector: CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:L/I:N/A:N)
4.6 Medium (CCN Temporal CVSS v3.1 Vector: CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:L/I:N/A:N/E:U/RL:O/RC:C)
Exploitability Metrics:
  • Attack Vector (AV): Network
  • Attack Complexity (AC): Low
  • Privileges Required (PR): None
  • User Interaction (UI): None
Scope:
  • Scope (S): Unchanged
Impact Metrics:
  • Confidentiality (C): Low
  • Integrity (I): None
  • Availability (A): None

CVSS v2 Severity:
4.3 Medium (CVSS v2 Vector: AV:N/AC:M/Au:N/C:P/I:N/A:N)
Exploitability Metrics:
  • Access Vector (AV): Network
  • Access Complexity (AC): Medium
  • Authentication (Au): None
Impact Metrics:
  • Confidentiality (C): Partial
  • Integrity (I): None
  • Availability (A): None

5.0 Medium (CCN CVSS v2 Vector: AV:N/AC:L/Au:N/C:P/I:N/A:N)
Exploitability Metrics:
  • Access Vector (AV): Network
  • Access Complexity (AC): Low
  • Authentication (Au): None
Impact Metrics:
  • Confidentiality (C): Partial
  • Integrity (I): None
  • Availability (A): None

Vulnerability Type: CWE-362
Vulnerability Consequences: Obtain Information
References:

Source: MITRE
Type: CNA
CVE-2020-27746

Source: XF
Type: UNKNOWN
slurm-cve202027746-info-disc(192397)

Source: DEBIAN
Type: Third Party Advisory
DSA-4841

Source: CCN
Type: SchedMD Web site
Slurm versions 20.02.6 and 19.05.8 are now available (CVE-2020-27745 and CVE-2020-27746)

Source: MISC
Type: Patch, Vendor Advisory
https://www.schedmd.com/news.php

Source: CCN
Type: WhiteSource Vulnerability Database
CVE-2020-27746

Vulnerable Configuration:

Configuration 1:
  • cpe:/a:schedmd:slurm:*:*:*:*:*:*:*:* (Version >= 20.0.0 and < 20.02.6)
  • OR cpe:/a:schedmd:slurm:*:*:*:*:*:*:*:* (Version < 19.05.8)

Configuration 2:
  • cpe:/o:debian:debian_linux:10.0:*:*:*:*:*:*:*

Configuration CCN 1:
  • cpe:/a:schedmd:slurm:19.05.7:*:*:*:*:*:*:*
  • OR cpe:/a:schedmd:slurm:20.02.5:*:*:*:*:*:*:*

* Denotes that component is vulnerable
Oval Definitions

Definition ID | Class | Title | Last Modified
oval:org.opensuse.security:def:202027746 | V | CVE-2020-27746 | 2022-09-02
oval:org.opensuse.security:def:3456 | P | coreutils-8.25-13.7.1 on GA media (Moderate) | 2022-06-28
oval:org.opensuse.security:def:3190 | P | libjansson4-2.12-3.5.1 on GA media (Moderate) | 2022-06-28
oval:org.opensuse.security:def:3436 | P | atftp-0.7.0-160.8.1 on GA media (Moderate) | 2022-06-28
oval:org.opensuse.security:def:3432 | P | apache2-mod_jk-1.2.40-7.3.1 on GA media (Moderate) | 2022-06-28
oval:org.opensuse.security:def:3453 | P | clamav-0.101.3-1.19 on GA media (Moderate) | 2022-06-28
oval:org.opensuse.security:def:3434 | P | apache2-mod_perl-2.0.8-11.43 on GA media (Moderate) | 2022-06-28
oval:org.opensuse.security:def:3430 | P | apache2-2.4.23-29.43.1 on GA media (Moderate) | 2022-06-28
oval:org.opensuse.security:def:3437 | P | audiofile-0.3.6-11.3.1 on GA media (Moderate) | 2022-06-28
oval:org.opensuse.security:def:3433 | P | apache2-mod_nss-1.0.14-19.9.1 on GA media (Moderate) | 2022-06-28
oval:org.opensuse.security:def:3458 | P | cpp48-4.8.5-31.20.1 on GA media (Moderate) | 2022-06-28
oval:org.opensuse.security:def:3830 | P | xorg-x11-server-1.19.6-8.18 on GA media (Moderate) | 2022-06-28
oval:org.opensuse.security:def:3431 | P | apache2-mod_apparmor-2.8.2-51.18.3 on GA media (Moderate) | 2022-06-28
oval:org.opensuse.security:def:3460 | P | crash-7.2.1-6.42 on GA media (Moderate) | 2022-06-28
oval:org.opensuse.security:def:3454 | P | colord-gtk-lang-0.1.26-6.3 on GA media (Moderate) | 2022-06-28
oval:org.opensuse.security:def:3192 | P | libjavascriptcoregtk-3_0-0-2.4.11-23.20 on GA media (Moderate) | 2022-06-28
oval:org.opensuse.security:def:3451 | P | chrony-2.3-5.6.1 on GA media (Moderate) | 2022-06-28
oval:org.opensuse.security:def:3462 | P | ctags-5.8-7.1 on GA media (Moderate) | 2022-06-28
oval:org.opensuse.security:def:95212 | P | libpurple-2.14.8-150400.1.10 on GA media (Moderate) | 2022-06-22
oval:org.opensuse.security:def:95139 | P | nut-2.7.4-4.72 on GA media (Moderate) | 2022-06-22
oval:org.opensuse.security:def:95162 | P | uuidd-2.37.2-150400.6.5 on GA media (Moderate) | 2022-06-22
oval:org.opensuse.security:def:95163 | P | virt-install-4.0.0-150400.1.5 on GA media (Moderate) | 2022-06-22
oval:org.opensuse.security:def:95138 | P | nginx-1.21.5-150400.1.8 on GA media (Moderate) | 2022-06-22
oval:org.opensuse.security:def:6326 | P | Security update for netatalk (Important) | 2022-04-13
oval:org.opensuse.security:def:6324 | P | Security update for libreoffice (Moderate) | 2022-04-04
oval:org.opensuse.security:def:102259 | P | Security update for bind (Important) | 2022-03-24
oval:org.opensuse.security:def:101852 | P | Security update for ImageMagick (Moderate) | 2022-02-21
oval:org.opensuse.security:def:5339 | P | Security update for samba (Critical) | 2022-02-14
oval:org.opensuse.security:def:101851 | P | Security update for the Linux Kernel (Critical) | 2022-02-11
oval:org.opensuse.security:def:112725 | P | libnss_slurm2-21.08.1-1.1 on GA media (Moderate) | 2022-01-17
oval:org.opensuse.security:def:5942 | P | Security update for kernel-firmware (Low) | 2021-12-30
oval:org.opensuse.security:def:67357 | P | Security update for python3 (Moderate) | 2021-12-16
oval:org.opensuse.security:def:67349 | P | Security update for xen (Moderate) | 2021-12-07
oval:org.opensuse.security:def:64633 | P | Security update for gmp (Moderate) | 2021-12-06
oval:org.opensuse.security:def:67348 | P | Security update for openssh (Important) | 2021-12-06
oval:org.opensuse.security:def:69159 | P | Security update for mariadb (Moderate) | 2021-12-01
oval:org.opensuse.security:def:73925 | P | Security update for postgresql13 (Important) | 2021-11-22
oval:org.opensuse.security:def:73919 | P | Security update for samba and ldb (Important) | 2021-11-10
oval:org.opensuse.security:def:73918 | P | Security update for binutils (Moderate) | 2021-11-09
oval:org.opensuse.security:def:69089 | P | Security update for qemu (Important) | 2021-11-03
oval:org.opensuse.security:def:101925 | P | Security update for the Linux Kernel (Live Patch 2 for SLE 15 SP3) (Important) | 2021-10-12
oval:org.opensuse.security:def:106198 | P | libnss_slurm2-21.08.1-1.1 on GA media (Moderate) | 2021-10-01
oval:org.opensuse.security:def:96688 | P | librsync-devel-1.0.0-1.27 on GA media (Moderate) | 2021-09-21
oval:org.opensuse.security:def:96762 | P | python3-salt-2019.2.0-4.4 on GA media (Moderate) | 2021-09-21
oval:org.opensuse.security:def:96763 | P | python3-urllib3-1.24-7.24 on GA media (Moderate) | 2021-09-21
oval:org.opensuse.security:def:96687 | P | librrd8-1.7.0-4.34 on GA media (Moderate) | 2021-09-21
oval:org.opensuse.security:def:67260 | P | Security update for libaom (Important) | 2021-09-09
oval:org.opensuse.security:def:67254 | P | Security update for nodejs10 (Moderate) | 2021-09-03
oval:org.opensuse.security:def:67253 | P | Security update for java-11-openjdk (Important) | 2021-09-03
oval:org.opensuse.security:def:102203 | P | Security update for xen (Important) | 2021-09-02
oval:org.opensuse.security:def:101876 | P | Security update for openssl-1_0_0 (Important) | 2021-08-24
oval:org.opensuse.security:def:101875 | P | Security update for java-1_8_0-openjdk (Important) | 2021-08-20
oval:org.opensuse.security:def:63058 | P | libnss_slurm2-20.11.5-2.1 on GA media (Moderate) | 2021-08-10
oval:org.opensuse.security:def:1969 | P | libnss_slurm2-20.11.5-2.1 on GA media (Moderate) | 2021-08-10
oval:org.opensuse.security:def:72512 | P | libjpeg8-32bit-8.1.2-5.15.7 on GA media (Moderate) | 2021-08-09
oval:org.opensuse.security:def:65652 | P | Security update for the Linux Kernel (Important) | 2021-07-15
oval:org.opensuse.security:def:69056 | P | Security update for postgresql10 (Moderate) | 2021-06-14
oval:org.opensuse.security:def:64521 | P | Security update for qemu (Important) | 2021-06-08
oval:org.opensuse.security:def:4116 | P | Security update for flatpak, libostree, xdg-desktop-portal, xdg-desktop-portal-gtk (Important) | 2021-04-07
oval:org.opensuse.security:def:51182 | P | Security update for the Linux Kernel (Live Patch 39 for SLE 12 SP2) (Important) | 2021-03-17
oval:org.opensuse.security:def:51181 | P | Security update for glib2 (Important) | 2021-03-16
oval:org.opensuse.security:def:49147 | P | Security update for slurm_20_11 and pdsh (Important) | 2021-03-12
oval:org.opensuse.security:def:20676 | P | Security update for slurm_20_11 and pdsh (Important) | 2021-03-12
oval:org.opensuse.security:def:108869 | P | Security update for slurm_20_11 and pdsh (Important) | 2021-02-18
oval:org.opensuse.security:def:76099 | P | Security update for slurm_20_11 and pdsh (Important) | 2021-02-18
oval:org.opensuse.security:def:97223 | P | Security update for slurm_20_11 and pdsh (Important) | 2021-02-18
oval:org.opensuse.security:def:95490 | P | Security update for slurm_20_11 and pdsh (Important) | 2021-02-18
oval:org.opensuse.security:def:67031 | P | Security update for slurm_20_11 and pdsh (Important) | 2021-02-18
oval:org.opensuse.security:def:111475 | P | Security update for slurm_18_08 (Important) | 2021-01-17
oval:org.opensuse.security:def:98181 | P | Security update for slurm_20_02 (Moderate) | 2021-01-15
oval:org.opensuse.security:def:67415 | P | Security update for slurm_20_02 (Moderate) | 2021-01-15
oval:org.opensuse.security:def:104871 | P | Security update for slurm_20_02 (Moderate) | 2021-01-15
oval:org.opensuse.security:def:66753 | P | Security update for slurm_20_02 (Moderate) | 2021-01-15
oval:org.opensuse.security:def:5664 | P | Security update for slurm_20_02 (Moderate) | 2021-01-15
oval:org.opensuse.security:def:91216 | P | Security update for slurm_20_02 (Moderate) | 2021-01-15
oval:org.opensuse.security:def:108591 | P | Security update for slurm_20_02 (Moderate) | 2021-01-15
oval:org.opensuse.security:def:75821 | P | Security update for slurm_20_02 (Moderate) | 2021-01-15
oval:org.opensuse.security:def:96899 | P | Security update for slurm_20_02 (Moderate) | 2021-01-15
oval:org.opensuse.security:def:74699 | P | Security update for ImageMagick (Moderate) | 2021-01-12
oval:org.opensuse.security:def:51099 | P | Security update for cyrus-sasl (Important) | 2020-12-28
oval:org.opensuse.security:def:4114 | P | Security update for PackageKit (Low) | 2020-12-22
oval:org.opensuse.security:def:51097 | P | Security update for xen (Moderate) | 2020-12-22
oval:org.opensuse.security:def:49139 | P | Security update for slurm_20_02 (Important) | 2020-12-21
oval:org.opensuse.security:def:20668 | P | Security update for slurm_20_02 (Important) | 2020-12-21
oval:org.opensuse.security:def:110377 | P | Security update for slurm_18_08 (Important) | 2020-12-19
oval:org.opensuse.security:def:67413 | P | Security update for slurm_17_11 (Important) | 2020-12-18
oval:org.opensuse.security:def:104869 | P | Security update for slurm_17_11 (Important) | 2020-12-18
oval:org.opensuse.security:def:108541 | P | Security update for slurm_18_08 (Important) | 2020-12-18
oval:org.opensuse.security:def:66704 | P | Security update for slurm_17_11 (Important) | 2020-12-18
oval:org.opensuse.security:def:98100 | P | Security update for slurm_17_11 (Important) | 2020-12-18
oval:org.opensuse.security:def:5615 | P | Security update for slurm_17_11 (Important) | 2020-12-18
oval:org.opensuse.security:def:75771 | P | Security update for slurm_18_08 (Important) | 2020-12-18
oval:org.opensuse.security:def:91214 | P | Security update for slurm_17_11 (Important) | 2020-12-18
oval:org.opensuse.security:def:108542 | P | Security update for slurm_17_11 (Important) | 2020-12-18
oval:org.opensuse.security:def:104790 | P | Security update for slurm_17_11 (Important) | 2020-12-18
oval:org.opensuse.security:def:75496 | P | Security update for slurm_17_11 (Important) | 2020-12-18
oval:org.opensuse.security:def:66428 | P | Security update for slurm_17_11 (Important) | 2020-12-18
oval:org.opensuse.security:def:75772 | P | Security update for slurm_17_11 (Important) | 2020-12-18
oval:org.opensuse.security:def:8534 | P | Security update for slurm_18_08 (Important) | 2020-12-18
oval:org.opensuse.security:def:98179 | P | Security update for slurm_17_11 (Important) | 2020-12-18
oval:org.opensuse.security:def:91135 | P | Security update for slurm_17_11 (Important) | 2020-12-18
oval:org.opensuse.security:def:66703 | P | Security update for slurm_18_08 (Important) | 2020-12-18
oval:org.opensuse.security:def:8535 | P | Security update for slurm_17_11 (Important) | 2020-12-18
oval:org.opensuse.security:def:5614 | P | Security update for slurm_18_08 (Important) | 2020-12-18
oval:org.opensuse.security:def:49138 | P | Security update for slurm_18_08 (Important) | 2020-12-17
oval:org.opensuse.security:def:20667 | P | Security update for slurm_18_08 (Important) | 2020-12-17
oval:org.opensuse.security:def:4075 | P | libvpx-devel-1.3.0-3.3.1 on GA media (Moderate) | 2020-12-03
oval:org.opensuse.security:def:72326 | P | vino-3.22.0-3.3.1 on GA media (Moderate) | 2020-12-03
oval:org.opensuse.security:def:3842 | P | ImageMagick-6.8.8.1-71.126.1 on GA media (Moderate) | 2020-12-03
oval:org.opensuse.security:def:4098 | P | ncurses-devel-5.9-64.1 on GA media (Moderate) | 2020-12-03
oval:org.opensuse.security:def:72396 | P | libjpeg8-32bit-8.1.2-5.12.1 on GA media (Moderate) | 2020-12-03
oval:org.opensuse.security:def:4087 | P | libzypp-devel-16.20.0-2.39.4 on GA media (Moderate) | 2020-12-03
oval:org.opensuse.security:def:4100 | P | nut-cgi-2.7.4-3.3.1 on GA media (Moderate) | 2020-12-03
oval:org.opensuse.security:def:4088 | P | libzzip-0-13-0.13.67-10.14.1 on GA media (Moderate) | 2020-12-03
oval:org.opensuse.security:def:72442 | P | vino-3.22.0-9.32 on GA media (Moderate) | 2020-12-03
oval:org.opensuse.security:def:4074 | P | libvorbis-devel-1.3.3-10.14.1 on GA media (Moderate) | 2020-12-03
oval:org.opensuse.security:def:64995 | P | Security update for ldb (Moderate) | 2020-12-01
oval:org.opensuse.security:def:52213 | P | Security update for openldap2 (Moderate) | 2020-12-01
oval:org.opensuse.security:def:65742 | P | Security update for slurm (Important) | 2020-12-01
oval:org.opensuse.security:def:51008 | P | Security update for openldap2 (Important) | 2020-12-01
oval:org.opensuse.security:def:51205 | P | Security update for ImageMagick (Moderate) | 2020-12-01
oval:org.opensuse.security:def:51107 | P | Security update for ghostscript (Important) | 2020-12-01
oval:org.opensuse.security:def:52483 | P | Security update for tomcat (Moderate) | 2020-12-01
oval:org.opensuse.security:def:52520 | P | Security update for slurm (Important) | 2020-12-01
oval:org.opensuse.security:def:50937 | P | Security update for grub2 (Important) | 2020-12-01
oval:org.opensuse.security:def:70705 | P | Security update for slurm (Important) | 2020-12-01
oval:org.opensuse.security:def:52457 | P | Security update for dpdk (Critical) | 2020-12-01
oval:org.opensuse.security:def:65812 | P | Security update for slurm (Important) | 2020-12-01
oval:org.opensuse.security:def:50833 | P | Security update for the Linux Kernel (Important) | 2020-12-01
oval:org.opensuse.security:def:51009 | P | Security update for kernel-firmware (Important) | 2020-12-01
oval:org.opensuse.security:def:51207 | P | Security update for MozillaFirefox (Important) | 2020-12-01
oval:org.opensuse.security:def:74039 | P | Security update for slurm (Important) | 2020-12-01
oval:org.opensuse.security:def:70596 | P | Security update for libvirt (Important) | 2020-12-01
oval:org.opensuse.security:def:51108 | P | Security update for libnettle (Moderate) | 2020-12-01
oval:org.opensuse.security:def:52545 | P | Security update for slurm (Important) | 2020-12-01
oval:org.opensuse.security:def:75182 | P | Security update for slurm (Important) | 2020-12-01
oval:org.opensuse.security:def:65107 | P | Security update for openssl-1_1 (Moderate) | 2020-12-01
oval:org.opensuse.security:def:70713 | P | Security update for slurm (Important) | 2020-12-01
oval:org.opensuse.security:def:52458 | P | Security update for dpdk (Critical) | 2020-12-01
oval:org.opensuse.security:def:51075 | P | Security update for libcdio (Low) | 2020-12-01
oval:org.opensuse.security:def:52275 | P | Security update for slurm (Important) | 2020-12-01
oval:org.opensuse.security:def:51029 | P | Security update for cf-cli (Moderate) | 2020-12-01
oval:org.opensuse.security:def:74573 | P | Security update for squid (Critical) | 2020-12-01
oval:org.opensuse.security:def:74040 | P | Security update for slurm (Important) | 2020-12-01
oval:org.opensuse.security:def:70597 | P | Security update for python (Moderate) | 2020-12-01
oval:org.opensuse.security:def:51130 | P | Security update for gnome-shell (Moderate) | 2020-12-01
oval:org.opensuse.security:def:65722 | P | Security update for u-boot (Important) | 2020-12-01
oval:org.opensuse.security:def:52547 | P | Security update for slurm (Important) | 2020-12-01
oval:org.opensuse.security:def:50768 | P | Security update for ceph (Important) | 2020-12-01
oval:org.opensuse.security:def:68986 | P | Security update for webkit2gtk3 (Important) | 2020-12-01
oval:org.opensuse.security:def:50864 | P | Security update for wpa_supplicant (Moderate) | 2020-12-01
oval:org.opensuse.security:def:52481 | P | Security update for binutils (Moderate) | 2020-12-01
oval:org.opensuse.security:def:51076 | P | Security update for MozillaFirefox (Important) | 2020-12-01
oval:org.opensuse.security:def:52519 | P | Security update for slurm (Important) | 2020-12-01
oval:org.opensuse.security:def:51031 | P | Security update for containerd, docker and go (Important) | 2020-12-01
oval:org.opensuse.security:def:75049 | P | Security update for ark (Moderate) | 2020-12-01
oval:org.opensuse.security:def:74048 | P | Security update for slurm (Important) | 2020-12-01
oval:org.opensuse.security:def:70603 | P | Security update for postgresql10 (Important) | 2020-12-01
oval:org.opensuse.security:def:51132 | P | Security update for netpbm (Moderate) | 2020-12-01
oval:org.opensuse.security:def:70704 | P | Security update for slurm (Important) | 2020-12-01
oval:org.opensuse.security:def:110877 | P | Security update for slurm (Important) | 2020-11-26
oval:org.opensuse.security:def:110323 | P | Security update for slurm (Important) | 2020-11-26
oval:org.opensuse.security:def:75748 | P | Security update for slurm (Important) | 2020-11-24
oval:org.opensuse.security:def:91213 | P | Security update for slurm (Important) | 2020-11-24
oval:org.opensuse.security:def:104763 | P | Security update for slurm (Important) | 2020-11-24
oval:org.opensuse.security:def:75469 | P | Security update for slurm (Important) | 2020-11-24
oval:org.opensuse.security:def:108925 | P | Security update for slurm (Important) | 2020-11-24
oval:org.opensuse.security:def:117849 | P | Security update for slurm (Important) | 2020-11-24
oval:org.opensuse.security:def:98178 | P | Security update for slurm (Important) | 2020-11-24
oval:org.opensuse.security:def:91108 | P | Security update for slurm (Important) | 2020-11-24
oval:org.opensuse.security:def:108517 | P | Security update for slurm (Important) | 2020-11-24
oval:org.opensuse.security:def:95546 | P | Security update for slurm (Important) | 2020-11-24
oval:org.opensuse.security:def:104868 | P | Security update for slurm (Important) | 2020-11-24
oval:org.opensuse.security:def:75747 | P | Security update for slurm (Important) | 2020-11-24
oval:org.opensuse.security:def:108518 | P | Security update for slurm (Important) | 2020-11-24
oval:org.opensuse.security:def:98073 | P | Security update for slurm (Important) | 2020-11-24
    schedmd slurm *
    schedmd slurm *
    debian debian linux 10.0
    schedmd slurm 19.05.7
    schedmd slurm 20.02.5