{"dataType": "CVE_RECORD", "dataVersion": "5.0", "cveMetadata": {"state": "PUBLISHED", "cveId": "CVE-2023-49938", "assignerOrgId": "8254265b-2729-46b6-b9e3-3dfca2d5bfca", "assignerShortName": "mitre", "dateUpdated": "2024-01-03T03:06:34.752554", "dateReserved": "2023-12-03T00:00:00", "datePublished": "2023-12-14T00:00:00"}, "containers": {"cna": {"providerMetadata": {"orgId": "8254265b-2729-46b6-b9e3-3dfca2d5bfca", "shortName": "mitre", "dateUpdated": "2024-01-03T03:06:34.752554"}, "descriptions": [{"lang": "en", "value": "An issue was discovered in SchedMD Slurm 22.05.x and 23.02.x. There is Incorrect Access Control: an attacker can modified their extended group list that is used with the sbcast subsystem, and open files with an unauthorized set of extended groups. The fixed versions are 22.05.11 and 23.02.7."}], "affected": [{"vendor": "n/a", "product": "n/a", "versions": [{"version": "n/a", "status": "affected"}]}], "references": [{"url": "https://www.schedmd.com/security-archive.php"}, {"url": "https://lists.schedmd.com/pipermail/slurm-announce/2023/000103.html"}, {"name": "FEDORA-2023-9a74d212f8", "tags": ["vendor-advisory"], "url": "https://lists.fedoraproject.org/archives/list/package-announce%40lists.fedoraproject.org/message/63FEDDYEE2WK7FHWBHKON3OZVQI56WSQ/"}, {"name": "FEDORA-2023-540de58d84", "tags": ["vendor-advisory"], "url": "https://lists.fedoraproject.org/archives/list/package-announce%40lists.fedoraproject.org/message/AYQS3LFGC4HE4WCW4L3NAA2I6FRIWMNO/"}], "problemTypes": [{"descriptions": [{"type": "text", "lang": "en", "description": "n/a"}]}]}}}

{"configurations": [{"nodes": [{"cpeMatch": [{"criteria": "cpe:2.3:a:schedmd:slurm:*:*:*:*:*:*:*:*", "matchCriteriaId": "E77BB569-B1F1-4636-B94D-0EF5E1D1CB34", "versionEndExcluding": "22.05.11", "versionStartIncluding": "22.05.0", "vulnerable": true}, {"criteria": "cpe:2.3:a:schedmd:slurm:*:*:*:*:*:*:*:*", "matchCriteriaId": "C81650BA-F3A5-4D8D-8F0E-336962EAC2E2", "versionEndExcluding": "23.02.7", "versionStartIncluding": "23.02.0", "vulnerable": true}], "negate": false, "operator": "OR"}]}], "descriptions": [{"lang": "en", "value": "An issue was discovered in SchedMD Slurm 22.05.x and 23.02.x. There is Incorrect Access Control: an attacker can modified their extended group list that is used with the sbcast subsystem, and open files with an unauthorized set of extended groups. The fixed versions are 22.05.11 and 23.02.7."}, {"lang": "es", "value": "Se descubri\u00f3 un problema en SchedMD Slurm 22.05.x y 23.02.x. Hay un control de acceso incorrecto: un atacante puede modificar su lista de grupos extendidos que se usa con el subsistema sbcast y abrir archivos con un conjunto no autorizado de grupos extendidos. Las versiones fijas son 22.05.11 y 23.02.7."}], "id": "CVE-2023-49938", "lastModified": "2024-01-03T03:15:10.053", "metrics": {"cvssMetricV31": [{"cvssData": {"attackComplexity": "LOW", "attackVector": "NETWORK", "availabilityImpact": "NONE", "baseScore": 8.2, "baseSeverity": "HIGH", "confidentialityImpact": "HIGH", "integrityImpact": "LOW", "privilegesRequired": "NONE", "scope": "UNCHANGED", "userInteraction": "NONE", "vectorString": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:L/A:N", "version": "3.1"}, "exploitabilityScore": 3.9, "impactScore": 4.2, "source": "nvd@nist.gov", "type": "Primary"}]}, "published": "2023-12-14T05:15:11.890", "references": [{"source": "cve@mitre.org", "url": "https://lists.fedoraproject.org/archives/list/package-announce%40lists.fedoraproject.org/message/63FEDDYEE2WK7FHWBHKON3OZVQI56WSQ/"}, {"source": "cve@mitre.org", "url": "https://lists.fedoraproject.org/archives/list/package-announce%40lists.fedoraproject.org/message/AYQS3LFGC4HE4WCW4L3NAA2I6FRIWMNO/"}, {"source": "cve@mitre.org", "tags": ["Mailing List", "Vendor Advisory"], "url": "https://lists.schedmd.com/pipermail/slurm-announce/2023/000103.html"}, {"source": "cve@mitre.org", "tags": ["Vendor Advisory"], "url": "https://www.schedmd.com/security-archive.php"}], "sourceIdentifier": "cve@mitre.org", "vulnStatus": "Modified", "weaknesses": [{"description": [{"lang": "en", "value": "NVD-CWE-Other"}], "source": "nvd@nist.gov", "type": "Primary"}]}

{}