CVE-2019-12838

Published: 11/07/2019 | Updated: 24/07/2019
CVSS v2 Base Score: 7.5 | Impact Score: 6.4 | Exploitability Score: 10
CVSS v3 Base Score: 9.8 | Impact Score: 5.9 | Exploitability Score: 3.9
Vector: AV:N/AC:L/Au:N/C:P/I:P/A:P

Vulnerability Summary

SchedMD Slurm 17.11.x, 18.08.0 up to and including 18.08.7, and 19.05.0 allows SQL Injection.

Affected Products

Vendor | Product | Versions
Schedmd | Slurm | 17.11.0.1, 17.11.1.1, 17.11.1.2, 17.11.2.1, 17.11.3.1, 17.11.3.2, 17.11.4.1, 17.11.5.0, 17.11.5.1, 17.11.6.1, 17.11.7.1, 17.11.8.1, 17.11.9.1, 17.11.9.2, 17.11.10.1, 17.11.11.1, 17.11.12.1, 17.11.13.1, 17.11.13.2, 18.08.0.0, 18.08.0.1, 18.08.1.1, 18.08.2.1, 18.08.3.1, 18.08.4.1, 18.08.5.1, 18.08.5.2, 18.08.7, 19.05.0

Vendor Advisories

Debian Bug report logs - #931880: slurm-llnl: CVE-2019-12838. Package: src:slurm-llnl; Maintainer for src:slurm-llnl is Debian HPC Team <debian-hpc@lists.debian.org>; Reported by: Salvatore Bonaccorso <carnil@debian.org>; Date: Thu, 11 Jul 2019 20:09:01 UTC; Severity: grave; Tags: security, upstream; Found in versions slu ...

It was discovered that the Simple Linux Utility for Resource Management (SLURM), a cluster resource management and job scheduling system, did not escape strings when importing an archive file into the accounting_storage/mysql backend, resulting in SQL injection. For the stable distribution (buster), this problem has been fixed in version 18.08.5.2- ...

Mailing Lists

Debian Security Advisory DSA-4572-1, security@debian.org, www.debian.org/security/, Moritz Muehlenhoff, November 18, 2019, www.debian.org/security/faq ...