CRITICAL🇵🇱 Wersja polska

CVE-2023-49934

CVSS 9.8v3.1pub. 2023-12-14upd. 2025-11-04

An issue was discovered in SchedMD Slurm 23.11.x. There is SQL Injection against the SlurmDBD database. The fixed version is 23.11.1.

🤖 AI Analysis
How it works

An attacker can craft a malicious query containing unescaped SQL code, which will be passed to the SlurmDBD database without proper validation or parameterization. Due to the lack of authentication requirements, local network or user interaction (attack vector AV:N/AC:L/PR:N/UI:N), the exploit can be performed remotely by any attacker with network access to the service.

Impact

Successful exploitation of the vulnerability can lead to unauthorized read, modification, or deletion of data in the SlurmDBD database, and depending on the database server configuration — also to takeover of control over the entire HPC job management system.

Mitigation & patch

SchedMD Slurm should be updated to version 23.11.1, which contains a patch eliminating the vulnerability. Updates are also available in Fedora distribution repositories.

Who is affected

SchedMD Slurm in versions from the 23.11.x branch (before 23.11.1).

Analysis generated by Claude AI (Anthropic) based on NVD data. Always verify with vendor.
CVSS Vector
CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H
  • Schedmd Slurm

    APP
    Schedmd
    23.11
🔵
CHECK WITH VENDOR
No clear patch data available. Check vendor references.
Tags
SQLi
CWE
References

Related vulnerabilities

CVE-2023-49937CRITICAL9.8PL ✓ten sam produkt

Double free w SchedMD Slurm umożliwia RCE lub DoS

CVE-2022-29502CRITICAL9.8ten sam produkt

SchedMD Slurm 21.08.x through 20.11.x has Incorrect Access Control that leads to Escalation of Privileges.

CVE-2020-27745CRITICAL9.8ten sam produkt

Slurm before 19.05.8 and 20.x before 20.02.6 has an RPC Buffer Overflow in the PMIx MPI plugin.

CVE-2019-12838CRITICAL9.8ten sam produkt

SchedMD Slurm 17.11.x, 18.08.0 through 18.08.7, and 19.05.0 allows SQL Injection.

CVE-2019-6438CRITICAL9.8ten sam produkt

SchedMD Slurm before 17.11.13 and 18.x before 18.08.5 mishandles 32-bit systems.