CVE-2018-10995

Published May 30, 2018

Last updated 3 days ago

CVSS medium 5.3

Overview

Description: SchedMD Slurm before 17.02.11 and 17.1x.x before 17.11.7 mishandles user names (aka user_name fields) and group ids (aka gid fields).
Source: cve@mitre.org
NVD status: Modified

Risk scores

CVSS 3.0

Type: Primary
Base score: 5.3
Impact score: 1.4
Exploitability score: 3.9
Vector string: CVSS:3.0/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:L/A:N
Severity: MEDIUM

CVSS 2.0

Type: Primary
Base score: 5
Impact score: 2.9
Exploitability score: 10
Vector string: AV:N/AC:L/Au:N/C:N/I:P/A:N

Weaknesses

nvd@nist.gov: CWE-20

Hype score: Not currently trending

Configurations

[
  {
    "nodes": [
      {
        "negate": false,
        "cpeMatch": [
          {
            "criteria": "cpe:2.3:a:schedmd:slurm:*:*:*:*:*:*:*:*",
            "vulnerable": true,
            "matchCriteriaId": "E0BEAE32-5DF2-4156-BE4F-321F6FE08D91",
            "versionEndIncluding": "17.02.10.1"
          },
          {
            "criteria": "cpe:2.3:a:schedmd:slurm:17.11.0.0:pre1:*:*:*:*:*:*",
            "vulnerable": true,
            "matchCriteriaId": "F22DA2AF-C771-45A1-BB6B-855AC656E82C"
          },
          {
            "criteria": "cpe:2.3:a:schedmd:slurm:17.11.0.0:pre2:*:*:*:*:*:*",
            "vulnerable": true,
            "matchCriteriaId": "C87B69AB-5095-44D3-858B-9CFA594289A3"
          },
          {
            "criteria": "cpe:2.3:a:schedmd:slurm:17.11.0.0:rc1:*:*:*:*:*:*",
            "vulnerable": true,
            "matchCriteriaId": "97543D37-D6AC-40AD-AE42-165456A62B74"
          },
          {
            "criteria": "cpe:2.3:a:schedmd:slurm:17.11.0.0:rc2:*:*:*:*:*:*",
            "vulnerable": true,
            "matchCriteriaId": "E0476263-1C60-4008-B4C0-0686D9FFAE42"
          },
          {
            "criteria": "cpe:2.3:a:schedmd:slurm:17.11.0.0:rc3:*:*:*:*:*:*",
            "vulnerable": true,
            "matchCriteriaId": "2FE507F0-6486-4E3C-A0A2-EF098D2EEF59"
          },
          {
            "criteria": "cpe:2.3:a:schedmd:slurm:17.11.0.1:*:*:*:*:*:*:*",
            "vulnerable": true,
            "matchCriteriaId": "DF0E62D4-787C-46F9-982E-64EF95AE28A6"
          },
          {
            "criteria": "cpe:2.3:a:schedmd:slurm:17.11.1.1:*:*:*:*:*:*:*",
            "vulnerable": true,
            "matchCriteriaId": "0075BD6F-FA52-4880-86F0-F9AF536A6489"
          },
          {
            "criteria": "cpe:2.3:a:schedmd:slurm:17.11.1.2:*:*:*:*:*:*:*",
            "vulnerable": true,
            "matchCriteriaId": "EAC64DAA-CA2D-4F11-8B2C-327AF7F35452"
          },
          {
            "criteria": "cpe:2.3:a:schedmd:slurm:17.11.2.1:*:*:*:*:*:*:*",
            "vulnerable": true,
            "matchCriteriaId": "8EF9B352-D360-48A1-BD44-007316D77AAA"
          },
          {
            "criteria": "cpe:2.3:a:schedmd:slurm:17.11.3.1:*:*:*:*:*:*:*",
            "vulnerable": true,
            "matchCriteriaId": "6A04CCE3-E33F-4464-90B1-3F3102E75CDD"
          },
          {
            "criteria": "cpe:2.3:a:schedmd:slurm:17.11.3.2:*:*:*:*:*:*:*",
            "vulnerable": true,
            "matchCriteriaId": "44155074-3873-45C3-B6E7-0C2833C6C8BA"
          },
          {
            "criteria": "cpe:2.3:a:schedmd:slurm:17.11.4.1:*:*:*:*:*:*:*",
            "vulnerable": true,
            "matchCriteriaId": "97748EFA-7918-469D-B2FF-04B3A7CC81F0"
          },
          {
            "criteria": "cpe:2.3:a:schedmd:slurm:17.11.5.1:*:*:*:*:*:*:*",
            "vulnerable": true,
            "matchCriteriaId": "5B016F46-938A-42C5-8FCA-5BD9A64A6684"
          },
          {
            "criteria": "cpe:2.3:a:schedmd:slurm:17.11.6.1:*:*:*:*:*:*:*",
            "vulnerable": true,
            "matchCriteriaId": "F71B5928-7559-4A9D-AC76-39CB72AF0196"
          }
        ],
        "operator": "OR"
      }
    ]
  },
  {
    "nodes": [
      {
        "negate": false,
        "cpeMatch": [
          {
            "criteria": "cpe:2.3:o:debian:debian_linux:8.0:*:*:*:*:*:*:*",
            "vulnerable": true,
            "matchCriteriaId": "C11E6FB0-C8C0-4527-9AA0-CB9B316F8F43"
          },
          {
            "criteria": "cpe:2.3:o:debian:debian_linux:9.0:*:*:*:*:*:*:*",
            "vulnerable": true,
            "matchCriteriaId": "DEECE5FC-CACF-4496-A3E7-164736409252"
          }
        ],
        "operator": "OR"
      }
    ]
  }
]

Overview

Risk scores

CVSS 3.0

CVSS 2.0

Weaknesses

Social media

Configurations

References