Vulnerability Description
SchedMD Slurm before 20.02.7 and 20.03.x through 20.11.x before 20.11.7 allows remote code execution as SlurmUser because use of a PrologSlurmctld or EpilogSlurmctld script leads to environment mishandling.
CVSS Score
HIGH
Affected Products
| Vendor | Product | Versions |
|---|---|---|
| Schedmd | Slurm | < 20.02.7 |
| Fedoraproject | Fedora | 33 |
| Debian | Debian Linux | 9.0 |
References
- https://lists.debian.org/debian-lts-announce/2022/01/msg00011.htmlMailing ListThird Party Advisory
- https://lists.fedoraproject.org/archives/list/package-announce%40lists.fedorapro
- https://lists.fedoraproject.org/archives/list/package-announce%40lists.fedorapro
- https://lists.schedmd.com/pipermail/slurm-announce/2021/000055.htmlVendor Advisory
- https://www.schedmd.com/news.php?id=248#OPT_248Release NotesVendor Advisory
- https://lists.debian.org/debian-lts-announce/2022/01/msg00011.htmlMailing ListThird Party Advisory
- https://lists.fedoraproject.org/archives/list/package-announce%40lists.fedorapro
- https://lists.fedoraproject.org/archives/list/package-announce%40lists.fedorapro
- https://lists.schedmd.com/pipermail/slurm-announce/2021/000055.htmlVendor Advisory
- https://www.schedmd.com/news.php?id=248#OPT_248Release NotesVendor Advisory
FAQ
What is CVE-2021-31215?
CVE-2021-31215 is a vulnerability with a CVSS score of 8.8 (HIGH). SchedMD Slurm before 20.02.7 and 20.03.x through 20.11.x before 20.11.7 allows remote code execution as SlurmUser because use of a PrologSlurmctld or EpilogSlurmctld script leads to environment mishan...
How severe is CVE-2021-31215?
CVE-2021-31215 has been rated HIGH with a CVSS base score of 8.8/10. Review the CVSS metrics above for detailed severity breakdown.
Is there a patch for CVE-2021-31215?
Check the references section above for vendor advisories and patch information. Affected products include: Schedmd Slurm, Fedoraproject Fedora, Debian Debian Linux.