OpenCVE

An issue was discovered in SchedMD Slurm 22.05.x, 23.02.x, and 23.11.x. There is Improper Enforcement of Message Integrity During Transmission in a Communication Channel. This allows attackers to modify RPC traffic in a way that bypasses message hash checks. The fixed versions are 22.05.11, 23.02.7, and 23.11.1.

No CVSS v4.0

Attack Vector Network

Attack Complexity Low

Privileges Required None

Scope Unchanged

Confidentiality Impact None

Integrity Impact High

Availability Impact None

User Interaction None

No CVSS v3.0

No CVSS v2

This CVE is not in the KEV list.

Key SSVC decision points have not yet been added.

Vendors	Products
Schedmd	Slurm

Configuration 1 [-]

OR	cpe:2.3:a:schedmd:slurm::::::::
	cpe:2.3:a:schedmd:slurm::::::::
	cpe:2.3:a:schedmd:slurm:23.11:-::::::
	cpe:2.3:a:schedmd:slurm:23.11:rc1::::::

No data.

References

Link	Providers
https://lists.fedoraproject.org/archives/list/package-announce%40lists.fedoraproject.org/message/63FEDDYEE2WK7FHWBHKON3OZVQI56WSQ/
https://lists.fedoraproject.org/archives/list/package-announce%40lists.fedoraproject.org/message/AYQS3LFGC4HE4WCW4L3NAA2I6FRIWMNO/
https://lists.schedmd.com/pipermail/slurm-announce/2023/000103.html
https://www.schedmd.com/security-archive.php

History

No history.

MITRE

Status: PUBLISHED

Assigner: mitre

Published: 2023-12-14T00:00:00

Updated: 2024-08-02T22:09:49.555Z

Reserved: 2023-12-03T00:00:00

Link: CVE-2023-49933

Vulnrichment

No data.

NVD

Status : Modified

Published: 2023-12-14T05:15:08.810

Modified: 2024-11-21T08:34:02.130

Link: CVE-2023-49933

Redhat

No data.

{"dataType": "CVE_RECORD", "dataVersion": "5.1", "cveMetadata": {"state": "PUBLISHED", "cveId": "CVE-2023-49933", "assignerOrgId": "8254265b-2729-46b6-b9e3-3dfca2d5bfca", "assignerShortName": "mitre", "dateUpdated": "2024-08-02T22:09:49.555Z", "dateReserved": "2023-12-03T00:00:00", "datePublished": "2023-12-14T00:00:00"}, "containers": {"cna": {"providerMetadata": {"orgId": "8254265b-2729-46b6-b9e3-3dfca2d5bfca", "shortName": "mitre", "dateUpdated": "2024-01-03T03:06:30.481088"}, "descriptions": [{"lang": "en", "value": "An issue was discovered in SchedMD Slurm 22.05.x, 23.02.x, and 23.11.x. There is Improper Enforcement of Message Integrity During Transmission in a Communication Channel. This allows attackers to modify RPC traffic in a way that bypasses message hash checks. The fixed versions are 22.05.11, 23.02.7, and 23.11.1."}], "affected": [{"vendor": "n/a", "product": "n/a", "versions": [{"version": "n/a", "status": "affected"}]}], "references": [{"url": "https://www.schedmd.com/security-archive.php"}, {"url": "https://lists.schedmd.com/pipermail/slurm-announce/2023/000103.html"}, {"name": "FEDORA-2023-9a74d212f8", "tags": ["vendor-advisory"], "url": "https://lists.fedoraproject.org/archives/list/package-announce%40lists.fedoraproject.org/message/63FEDDYEE2WK7FHWBHKON3OZVQI56WSQ/"}, {"name": "FEDORA-2023-540de58d84", "tags": ["vendor-advisory"], "url": "https://lists.fedoraproject.org/archives/list/package-announce%40lists.fedoraproject.org/message/AYQS3LFGC4HE4WCW4L3NAA2I6FRIWMNO/"}], "problemTypes": [{"descriptions": [{"type": "text", "lang": "en", "description": "n/a"}]}]}, "adp": [{"providerMetadata": {"orgId": "af854a3a-2127-422b-91ae-364da2661108", "shortName": "CVE", "dateUpdated": "2024-08-02T22:09:49.555Z"}, "title": "CVE Program Container", "references": [{"url": "https://www.schedmd.com/security-archive.php", "tags": ["x_transferred"]}, {"url": "https://lists.schedmd.com/pipermail/slurm-announce/2023/000103.html", "tags": ["x_transferred"]}, {"name": "FEDORA-2023-9a74d212f8", "tags": ["vendor-advisory", "x_transferred"], "url": "https://lists.fedoraproject.org/archives/list/package-announce%40lists.fedoraproject.org/message/63FEDDYEE2WK7FHWBHKON3OZVQI56WSQ/"}, {"name": "FEDORA-2023-540de58d84", "tags": ["vendor-advisory", "x_transferred"], "url": "https://lists.fedoraproject.org/archives/list/package-announce%40lists.fedoraproject.org/message/AYQS3LFGC4HE4WCW4L3NAA2I6FRIWMNO/"}]}]}}

{"configurations": [{"nodes": [{"cpeMatch": [{"criteria": "cpe:2.3:a:schedmd:slurm:*:*:*:*:*:*:*:*", "matchCriteriaId": "9F78B348-8518-461F-A411-6E04D00E0DB8", "versionEndExcluding": "22.05.12", "versionStartIncluding": "22.05", "vulnerable": true}, {"criteria": "cpe:2.3:a:schedmd:slurm:*:*:*:*:*:*:*:*", "matchCriteriaId": "0FD67C27-289A-4071-9380-74059C3A24E2", "versionEndExcluding": "23.02.7", "versionStartIncluding": "23.02", "vulnerable": true}, {"criteria": "cpe:2.3:a:schedmd:slurm:23.11:-:*:*:*:*:*:*", "matchCriteriaId": "F7271FE9-7535-4337-8B65-61C533932E4E", "vulnerable": true}, {"criteria": "cpe:2.3:a:schedmd:slurm:23.11:rc1:*:*:*:*:*:*", "matchCriteriaId": "1A2835FE-2E57-47FF-BD76-9817978108C5", "vulnerable": true}], "negate": false, "operator": "OR"}]}], "descriptions": [{"lang": "en", "value": "An issue was discovered in SchedMD Slurm 22.05.x, 23.02.x, and 23.11.x. There is Improper Enforcement of Message Integrity During Transmission in a Communication Channel. This allows attackers to modify RPC traffic in a way that bypasses message hash checks. The fixed versions are 22.05.11, 23.02.7, and 23.11.1."}, {"lang": "es", "value": "Se descubri\u00f3 un problema en SchedMD Slurm 22.05.x, 23.02.x y 23.11.x. Existe una aplicaci\u00f3n inadecuada de la integridad del mensaje durante la transmisi\u00f3n en un canal de comunicaci\u00f3n. Esto permite a los atacantes modificar el tr\u00e1fico RPC de manera que eluda las comprobaciones de hash de mensajes. Las versiones fijas son 22.05.11, 23.02.7 y 23.11.1."}], "id": "CVE-2023-49933", "lastModified": "2024-11-21T08:34:02.130", "metrics": {"cvssMetricV31": [{"cvssData": {"attackComplexity": "LOW", "attackVector": "NETWORK", "availabilityImpact": "NONE", "baseScore": 7.5, "baseSeverity": "HIGH", "confidentialityImpact": "NONE", "integrityImpact": "HIGH", "privilegesRequired": "NONE", "scope": "UNCHANGED", "userInteraction": "NONE", "vectorString": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:H/A:N", "version": "3.1"}, "exploitabilityScore": 3.9, "impactScore": 3.6, "source": "nvd@nist.gov", "type": "Primary"}]}, "published": "2023-12-14T05:15:08.810", "references": [{"source": "cve@mitre.org", "url": "https://lists.fedoraproject.org/archives/list/package-announce%40lists.fedoraproject.org/message/63FEDDYEE2WK7FHWBHKON3OZVQI56WSQ/"}, {"source": "cve@mitre.org", "url": "https://lists.fedoraproject.org/archives/list/package-announce%40lists.fedoraproject.org/message/AYQS3LFGC4HE4WCW4L3NAA2I6FRIWMNO/"}, {"source": "cve@mitre.org", "tags": ["Mailing List", "Vendor Advisory"], "url": "https://lists.schedmd.com/pipermail/slurm-announce/2023/000103.html"}, {"source": "cve@mitre.org", "tags": ["Vendor Advisory"], "url": "https://www.schedmd.com/security-archive.php"}, {"source": "af854a3a-2127-422b-91ae-364da2661108", "url": "https://lists.fedoraproject.org/archives/list/package-announce%40lists.fedoraproject.org/message/63FEDDYEE2WK7FHWBHKON3OZVQI56WSQ/"}, {"source": "af854a3a-2127-422b-91ae-364da2661108", "url": "https://lists.fedoraproject.org/archives/list/package-announce%40lists.fedoraproject.org/message/AYQS3LFGC4HE4WCW4L3NAA2I6FRIWMNO/"}, {"source": "af854a3a-2127-422b-91ae-364da2661108", "tags": ["Mailing List", "Vendor Advisory"], "url": "https://lists.schedmd.com/pipermail/slurm-announce/2023/000103.html"}, {"source": "af854a3a-2127-422b-91ae-364da2661108", "tags": ["Vendor Advisory"], "url": "https://www.schedmd.com/security-archive.php"}], "sourceIdentifier": "cve@mitre.org", "vulnStatus": "Modified", "weaknesses": [{"description": [{"lang": "en", "value": "CWE-924"}], "source": "nvd@nist.gov", "type": "Primary"}]}