Vulnerability CVE-2021-31215

Vulnerability Name:

CVE-2021-31215 (CCN-201912)

Assigned:

2021-05-12

Published:

2021-05-12

Updated:

2022-03-31

Summary:

SchedMD Slurm before 20.02.7 and 20.03.x through 20.11.x before 20.11.7 allows remote code execution as SlurmUser because use of a PrologSlurmctld or EpilogSlurmctld script leads to environment mishandling.

CVSS v3 Severity:

8.8 High (CVSS v3.1 Vector: CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H)
7.7 High (Temporal CVSS v3.1 Vector: CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H/E:U/RL:O/RC:C)

Exploitability Metrics:	Attack Vector (AV): Network Attack Complexity (AC): Low Privileges Required (PR): Low User Interaction (UI): None
Scope:	Scope (S): Unchanged
Impact Metrics:	Confidentiality (C): High Integrity (I): High Availibility (A): High

6.3 Medium (CCN CVSS v3.1 Vector: CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:L/I:L/A:L)
5.5 Medium (CCN Temporal CVSS v3.1 Vector: CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:L/I:L/A:L/E:U/RL:O/RC:C)

Exploitability Metrics:	Attack Vector (AV): Network Attack Complexity (AC): Low Privileges Required (PR): Low User Interaction (UI): None
Scope:	Scope (S): Unchanged
Impact Metrics:	Confidentiality (C): Low Integrity (I): Low Availibility (A): Low

CVSS v2 Severity:

6.5 Medium (CVSS v2 Vector: AV:N/AC:L/Au:S/C:P/I:P/A:P)

Exploitability Metrics:	Access Vector (AV): Network Access Complexity (AC): Low Authentication (Au): Single_Instance
Impact Metrics:	Confidentiality (C): Partial Integrity (I): Partial Availibility (A): Partial

6.5 Medium (CCN CVSS v2 Vector: AV:N/AC:L/Au:S/C:P/I:P/A:P)

Exploitability Metrics:	Access Vector (AV): Network Access Complexity (AC): Low Athentication (Au): Single_Instance
Impact Metrics:	Confidentiality (C): Partial Integrity (I): Partial Availibility (A): Partial

Vulnerability Type:

CWE-noinfo

Vulnerability Consequences:

Gain Access

References:

Source: MITRE
Type: CNA
CVE-2021-31215

Source: XF
Type: UNKNOWN
schedmd-cve202131215-cmd-exec(201912)

Source: MLIST
Type: Mailing List, Third Party Advisory
[debian-lts-announce] 20220117 [SECURITY] [DLA 2886-1] slurm-llnl security update

Source: FEDORA
Type: Mailing List, Third Party Advisory
FEDORA-2021-335cd3eab7

Source: FEDORA
Type: Mailing List, Third Party Advisory
FEDORA-2021-f75a803ff3

Source: CONFIRM
Type: Vendor Advisory
https://lists.schedmd.com/pipermail/slurm-announce/2021/000055.html

Source: CCN
Type: SchedMD Web site
Slurm

Source: CONFIRM
Type: Release Notes, Vendor Advisory
https://www.schedmd.com/news.php?id=248#OPT_248

Vulnerable Configuration:

Configuration 1:

cpe:/a:schedmd:slurm:*:*:*:*:*:*:*:* (Version < 20.02.7)

OR cpe:/a:schedmd:slurm:*:*:*:*:*:*:*:* (Version >= 20.11 and < 20.11.7)

Configuration 2:

cpe:/o:fedoraproject:fedora:33:*:*:*:*:*:*:*

OR cpe:/o:fedoraproject:fedora:34:*:*:*:*:*:*:*

Configuration 3:

cpe:/o:debian:debian_linux:9.0:*:*:*:*:*:*:*

Configuration CCN 1:

cpe:/a:schedmd:slurm:18.08.4:*:*:*:*:*:x86:*

OR cpe:/a:schedmd:slurm:18.08.7:*:*:*:*:*:*:*

OR cpe:/a:schedmd:slurm:19.05.0:*:*:*:*:*:*:*

OR cpe:/a:schedmd:slurm:20.02.6:*:*:*:*:*:*:*

Denotes that component is vulnerable

Oval Definitions

Definition ID	Class	Title	Last Modified
oval:org.opensuse.security:def:6110	P	Security update for postgresql12 (Important) (in QA)	2022-08-31
oval:org.opensuse.security:def:95268	P	Security update for systemd-presets-common-SUSE (Moderate) (in QA)	2022-07-13
oval:org.opensuse.security:def:95253	P	Security update for salt (Important)	2022-07-06
oval:org.opensuse.security:def:95255	P	Security update for openssl-3 (Important)	2022-07-06
oval:org.opensuse.security:def:95256	P	Security update for ldb, samba (Moderate)	2022-07-06
oval:org.opensuse.security:def:95267	P	Security update for dpkg (Low) (in QA)	2022-05-27
oval:org.opensuse.security:def:6038	P	Security update for curl (Moderate)	2022-05-16
oval:org.opensuse.security:def:6039	P	Security update for the Linux Kernel (Important)	2022-05-16
oval:org.opensuse.security:def:6331	P	Security update for the Linux Kernel (Important)	2022-05-16
oval:org.opensuse.security:def:6328	P	Security update for libwmf (Important)	2022-05-06
oval:org.opensuse.security:def:6027	P	Security update for libcaca (Moderate)	2022-05-03
oval:org.opensuse.security:def:6026	P	Security update for xen (Moderate)	2022-05-03
oval:org.opensuse.security:def:6023	P	Security update for java-11-openjdk (Important)	2022-04-29
oval:org.opensuse.security:def:6024	P	Security update for jasper (Moderate)	2022-04-29
oval:org.opensuse.security:def:101980	P	Security update for the Linux Kernel (Live Patch 12 for SLE 15 SP3) (Important)	2022-04-25
oval:org.opensuse.security:def:101981	P	Security update for the Linux Kernel (Live Patch 1 for SLE 15 SP3) (Important)	2022-04-25
oval:org.opensuse.security:def:101968	P	Security update for the Linux Kernel (Live Patch 15 for SLE 15 SP3) (Important)	2022-04-20
oval:org.opensuse.security:def:101966	P	Security update for the Linux Kernel (Live Patch 1 for SLE 15 SP3) (Important)	2022-04-15
oval:org.opensuse.security:def:6329	P	Security update for zxing-cpp (Important)	2022-01-24
oval:org.opensuse.security:def:101969	P	Security update for the Linux Kernel (Important)	2022-01-19
oval:org.opensuse.security:def:112725	P	libnss_slurm2-21.08.1-1.1 on GA media (Moderate)	2022-01-17
oval:org.opensuse.security:def:102261	P	Security update for salt (Moderate)	2021-10-27
oval:org.opensuse.security:def:106198	P	libnss_slurm2-21.08.1-1.1 on GA media (Moderate)	2021-10-01
oval:org.opensuse.security:def:97002	P	dovecot23-2.3.3-5.29 on GA media (Moderate)	2021-09-21
oval:org.opensuse.security:def:97027	P	openslp-server-2.0.0-6.3.1 on GA media (Moderate)	2021-09-21
oval:org.opensuse.security:def:97004	P	freeradius-server-3.0.16-3.3.1 on GA media (Moderate)	2021-09-21
oval:org.opensuse.security:def:97028	P	openssh-fips-7.9p1-4.7 on GA media (Moderate)	2021-09-21
oval:org.opensuse.security:def:97007	P	gtk-vnc-devel-0.7.2-1.33 on GA media (Moderate)	2021-09-21
oval:org.opensuse.security:def:97008	P	guestfs-data-1.38.0-3.52 on GA media (Moderate)	2021-09-21
oval:org.opensuse.security:def:101863	P	Security update for slurm (Important)	2021-07-27
oval:org.opensuse.security:def:76267	P	Security update for slurm (Important)	2021-07-27
oval:org.opensuse.security:def:67420	P	Security update for slurm (Important)	2021-07-27
oval:org.opensuse.security:def:67199	P	Security update for slurm (Important)	2021-07-27
oval:org.opensuse.security:def:9121	P	Security update for slurm_20_11 (Important)	2021-07-12
oval:org.opensuse.security:def:96192	P	Security update for slurm_20_11 (Important)	2021-07-12
oval:org.opensuse.security:def:108927	P	Security update for slurm_20_11 (Important)	2021-07-12
oval:org.opensuse.security:def:67418	P	Security update for slurm_20_11 (Important)	2021-07-12
oval:org.opensuse.security:def:109548	P	Security update for slurm_20_11 (Important)	2021-07-12
oval:org.opensuse.security:def:117851	P	Security update for slurm_20_11 (Important)	2021-07-12
oval:org.opensuse.security:def:102882	P	Security update for slurm_20_11 (Important)	2021-07-12
oval:org.opensuse.security:def:118661	P	Security update for slurm_20_11 (Important)	2021-07-12
oval:org.opensuse.security:def:95548	P	Security update for slurm_20_11 (Important)	2021-07-12
oval:org.opensuse.security:def:102260	P	Security update for salt (Important)	2021-06-10
oval:org.opensuse.security:def:92125	P	Security update for slurm (Important)	2021-06-04
oval:org.opensuse.security:def:5720	P	Security update for slurm_18_08 (Important)	2021-06-04
oval:org.opensuse.security:def:76196	P	Security update for slurm_18_08 (Important)	2021-06-04
oval:org.opensuse.security:def:75876	P	Security update for slurm (Important)	2021-06-04
oval:org.opensuse.security:def:8590	P	Security update for slurm (Important)	2021-06-04
oval:org.opensuse.security:def:67127	P	Security update for slurm (Important)	2021-06-04
oval:org.opensuse.security:def:98880	P	Security update for slurm (Important)	2021-06-04
oval:org.opensuse.security:def:75877	P	Security update for slurm_18_08 (Important)	2021-06-04
oval:org.opensuse.security:def:108646	P	Security update for slurm (Important)	2021-06-04
oval:org.opensuse.security:def:8591	P	Security update for slurm_18_08 (Important)	2021-06-04
oval:org.opensuse.security:def:99075	P	Security update for slurm (Important)	2021-06-04
oval:org.opensuse.security:def:8769	P	Security update for slurm (Important)	2021-06-04
oval:org.opensuse.security:def:67128	P	Security update for slurm_18_08 (Important)	2021-06-04
oval:org.opensuse.security:def:66808	P	Security update for slurm (Important)	2021-06-04
oval:org.opensuse.security:def:108647	P	Security update for slurm_18_08 (Important)	2021-06-04
oval:org.opensuse.security:def:8964	P	Security update for slurm (Important)	2021-06-04
oval:org.opensuse.security:def:5719	P	Security update for slurm (Important)	2021-06-04
oval:org.opensuse.security:def:76195	P	Security update for slurm (Important)	2021-06-04
oval:org.opensuse.security:def:91930	P	Security update for slurm (Important)	2021-06-04
oval:org.opensuse.security:def:66809	P	Security update for slurm_18_08 (Important)	2021-06-04
oval:org.opensuse.security:def:111412	P	Security update for slurm (Important)	2021-06-01
oval:org.opensuse.security:def:108926	P	Security update for slurm (Important)	2021-05-31
oval:org.opensuse.security:def:67116	P	Security update for slurm (Important)	2021-05-31
oval:org.opensuse.security:def:66796	P	Security update for slurm (Important)	2021-05-31
oval:org.opensuse.security:def:98875	P	Security update for slurm (Important)	2021-05-31
oval:org.opensuse.security:def:108635	P	Security update for slurm (Important)	2021-05-31
oval:org.opensuse.security:def:67417	P	Security update for slurm (Important)	2021-05-31
oval:org.opensuse.security:def:99070	P	Security update for slurm (Important)	2021-05-31
oval:org.opensuse.security:def:5707	P	Security update for slurm (Important)	2021-05-31
oval:org.opensuse.security:def:76183	P	Security update for slurm (Important)	2021-05-31
oval:org.opensuse.security:def:117850	P	Security update for slurm (Important)	2021-05-31
oval:org.opensuse.security:def:8764	P	Security update for slurm (Important)	2021-05-31
oval:org.opensuse.security:def:66797	P	Security update for slurm (Important)	2021-05-31
oval:org.opensuse.security:def:8959	P	Security update for slurm (Important)	2021-05-31
oval:org.opensuse.security:def:5708	P	Security update for slurm (Important)	2021-05-31
oval:org.opensuse.security:def:76184	P	Security update for slurm (Important)	2021-05-31
oval:org.opensuse.security:def:75864	P	Security update for slurm (Important)	2021-05-31
oval:org.opensuse.security:def:91925	P	Security update for slurm (Important)	2021-05-31
oval:org.opensuse.security:def:95547	P	Security update for slurm (Important)	2021-05-31
oval:org.opensuse.security:def:92120	P	Security update for slurm (Important)	2021-05-31
oval:org.opensuse.security:def:67115	P	Security update for slurm (Important)	2021-05-31
oval:org.opensuse.security:def:75865	P	Security update for slurm (Important)	2021-05-31
oval:org.opensuse.security:def:108634	P	Security update for slurm (Important)	2021-05-31
oval:org.opensuse.security:def:5705	P	Security update for slurm_20_11 (Important)	2021-05-27
oval:org.opensuse.security:def:76181	P	Security update for slurm_20_11 (Important)	2021-05-27
oval:org.opensuse.security:def:91922	P	Security update for slurm_20_11 (Important)	2021-05-27
oval:org.opensuse.security:def:8762	P	Security update for slurm_20_11 (Important)	2021-05-27
oval:org.opensuse.security:def:20673	P	Security update for slurm_18_08 (Important)	2021-05-27
oval:org.opensuse.security:def:92117	P	Security update for slurm_20_11 (Important)	2021-05-27
oval:org.opensuse.security:def:8957	P	Security update for slurm_20_11 (Important)	2021-05-27
oval:org.opensuse.security:def:67112	P	Security update for slurm_20_11 (Important)	2021-05-27
oval:org.opensuse.security:def:49145	P	Security update for slurm_20_11 (Important)	2021-05-27
oval:org.opensuse.security:def:75862	P	Security update for slurm_20_11 (Important)	2021-05-27
oval:org.opensuse.security:def:91923	P	Security update for slurm_20_11 (Important)	2021-05-27
oval:org.opensuse.security:def:20674	P	Security update for slurm_20_11 (Important)	2021-05-27
oval:org.opensuse.security:def:92118	P	Security update for slurm_20_11 (Important)	2021-05-27
oval:org.opensuse.security:def:67113	P	Security update for slurm_20_11 (Important)	2021-05-27
oval:org.opensuse.security:def:49146	P	Security update for slurm_20_11 (Important)	2021-05-27
oval:org.opensuse.security:def:98872	P	Security update for slurm_20_11 (Important)	2021-05-27
oval:org.opensuse.security:def:108632	P	Security update for slurm_20_11 (Important)	2021-05-27
oval:org.opensuse.security:def:99067	P	Security update for slurm_20_11 (Important)	2021-05-27
oval:org.opensuse.security:def:49143	P	Security update for slurm (Important)	2021-05-27
oval:org.opensuse.security:def:20675	P	Security update for slurm_20_11 (Important)	2021-05-27
oval:org.opensuse.security:def:76180	P	Security update for slurm_20_11 (Important)	2021-05-27
oval:org.opensuse.security:def:8761	P	Security update for slurm_20_11 (Important)	2021-05-27
oval:org.opensuse.security:def:66794	P	Security update for slurm_20_11 (Important)	2021-05-27
oval:org.opensuse.security:def:98873	P	Security update for slurm_20_11 (Important)	2021-05-27
oval:org.opensuse.security:def:20672	P	Security update for slurm (Important)	2021-05-27
oval:org.opensuse.security:def:8956	P	Security update for slurm_20_11 (Important)	2021-05-27
oval:org.opensuse.security:def:99068	P	Security update for slurm_20_11 (Important)	2021-05-27
oval:org.opensuse.security:def:49144	P	Security update for slurm_18_08 (Important)	2021-05-27

BACK