CVE-2023-49938 - OpenCVE

An issue was discovered in SchedMD Slurm 22.05.x and 23.02.x. There is Incorrect Access Control: an attacker can modified their extended group list that is used with the sbcast subsystem, and open files with an unauthorized set of extended groups. The fixed versions are 22.05.11 and 23.02.7.

No CVSS v4.0

Attack Vector Network

Attack Complexity Low

Privileges Required None

Scope Unchanged

Confidentiality Impact High

Integrity Impact Low

Availability Impact None

User Interaction None

No CVSS v3.0

No CVSS v2

This CVE is not in the KEV list.

Key SSVC decision points have not yet been added.

Vendors	Products
Schedmd	Slurm

Configuration 1 [-]

OR	cpe:2.3:a:schedmd:slurm::::::::
	cpe:2.3:a:schedmd:slurm::::::::

No data.

References

Link	Providers
https://lists.fedoraproject.org/archives/list/package-announce%40lists.fedoraproject.org/message/63FEDDYEE2WK7FHWBHKON3OZVQI56WSQ/
https://lists.fedoraproject.org/archives/list/package-announce%40lists.fedoraproject.org/message/AYQS3LFGC4HE4WCW4L3NAA2I6FRIWMNO/
https://lists.fedoraproject.org/archives/list/[email protected]/message/63FEDDYEE2WK7FHWBHKON3OZVQI56WSQ/
https://lists.fedoraproject.org/archives/list/[email protected]/message/AYQS3LFGC4HE4WCW4L3NAA2I6FRIWMNO/
https://lists.schedmd.com/pipermail/slurm-announce/2023/000103.html
https://www.schedmd.com/security-archive.php

History

Tue, 04 Nov 2025 19:30:00 +0000

Type	Values Removed	Values Added
References		https://lists.fedoraproject.org/archives/list/[email protected]/message/63FEDDYEE2WK7FHWBHKON3OZVQI56WSQ/ https://lists.fedoraproject.org/archives/list/[email protected]/message/AYQS3LFGC4HE4WCW4L3NAA2I6FRIWMNO/

MITRE

Status: PUBLISHED

Assigner: mitre

Published: 2023-12-14T00:00:00.000Z

Updated: 2025-11-04T18:20:16.498Z

Reserved: 2023-12-03T00:00:00.000Z

Link: CVE-2023-49938

Vulnrichment

No data.

NVD

Status : Modified

Published: 2023-12-14T05:15:11.890

Modified: 2025-11-04T19:16:12.413

Link: CVE-2023-49938

Redhat

No data.

{"dataType": "CVE_RECORD", "dataVersion": "5.2", "cveMetadata": {"state": "PUBLISHED", "cveId": "CVE-2023-49938", "assignerOrgId": "8254265b-2729-46b6-b9e3-3dfca2d5bfca", "assignerShortName": "mitre", "dateUpdated": "2025-11-04T18:20:16.498Z", "dateReserved": "2023-12-03T00:00:00.000Z", "datePublished": "2023-12-14T00:00:00.000Z"}, "containers": {"cna": {"providerMetadata": {"orgId": "8254265b-2729-46b6-b9e3-3dfca2d5bfca", "shortName": "mitre", "dateUpdated": "2024-01-03T03:06:34.752Z"}, "descriptions": [{"lang": "en", "value": "An issue was discovered in SchedMD Slurm 22.05.x and 23.02.x. There is Incorrect Access Control: an attacker can modified their extended group list that is used with the sbcast subsystem, and open files with an unauthorized set of extended groups. The fixed versions are 22.05.11 and 23.02.7."}], "affected": [{"vendor": "n/a", "product": "n/a", "versions": [{"version": "n/a", "status": "affected"}]}], "references": [{"url": "https://www.schedmd.com/security-archive.php"}, {"url": "https://lists.schedmd.com/pipermail/slurm-announce/2023/000103.html"}, {"name": "FEDORA-2023-9a74d212f8", "tags": ["vendor-advisory"], "url": "https://lists.fedoraproject.org/archives/list/package-announce%40lists.fedoraproject.org/message/63FEDDYEE2WK7FHWBHKON3OZVQI56WSQ/"}, {"name": "FEDORA-2023-540de58d84", "tags": ["vendor-advisory"], "url": "https://lists.fedoraproject.org/archives/list/package-announce%40lists.fedoraproject.org/message/AYQS3LFGC4HE4WCW4L3NAA2I6FRIWMNO/"}], "problemTypes": [{"descriptions": [{"type": "text", "lang": "en", "description": "n/a"}]}]}, "adp": [{"title": "CVE Program Container", "references": [{"url": "https://www.schedmd.com/security-archive.php", "tags": ["x_transferred"]}, {"url": "https://lists.schedmd.com/pipermail/slurm-announce/2023/000103.html", "tags": ["x_transferred"]}, {"name": "FEDORA-2023-9a74d212f8", "tags": ["vendor-advisory", "x_transferred"], "url": "https://lists.fedoraproject.org/archives/list/package-announce%40lists.fedoraproject.org/message/63FEDDYEE2WK7FHWBHKON3OZVQI56WSQ/"}, {"name": "FEDORA-2023-540de58d84", "tags": ["vendor-advisory", "x_transferred"], "url": "https://lists.fedoraproject.org/archives/list/package-announce%40lists.fedoraproject.org/message/AYQS3LFGC4HE4WCW4L3NAA2I6FRIWMNO/"}, {"url": "https://lists.fedoraproject.org/archives/list/[email protected]/message/63FEDDYEE2WK7FHWBHKON3OZVQI56WSQ/"}, {"url": "https://lists.fedoraproject.org/archives/list/[email protected]/message/AYQS3LFGC4HE4WCW4L3NAA2I6FRIWMNO/"}], "providerMetadata": {"orgId": "af854a3a-2127-422b-91ae-364da2661108", "shortName": "CVE", "dateUpdated": "2025-11-04T18:20:16.498Z"}}]}}

{"configurations": [{"nodes": [{"cpeMatch": [{"criteria": "cpe:2.3:a:schedmd:slurm:*:*:*:*:*:*:*:*", "matchCriteriaId": "E77BB569-B1F1-4636-B94D-0EF5E1D1CB34", "versionEndExcluding": "22.05.11", "versionStartIncluding": "22.05.0", "vulnerable": true}, {"criteria": "cpe:2.3:a:schedmd:slurm:*:*:*:*:*:*:*:*", "matchCriteriaId": "C81650BA-F3A5-4D8D-8F0E-336962EAC2E2", "versionEndExcluding": "23.02.7", "versionStartIncluding": "23.02.0", "vulnerable": true}], "negate": false, "operator": "OR"}]}], "cveTags": [], "descriptions": [{"lang": "en", "value": "An issue was discovered in SchedMD Slurm 22.05.x and 23.02.x. There is Incorrect Access Control: an attacker can modified their extended group list that is used with the sbcast subsystem, and open files with an unauthorized set of extended groups. The fixed versions are 22.05.11 and 23.02.7."}, {"lang": "es", "value": "Se descubri\u00f3 un problema en SchedMD Slurm 22.05.x y 23.02.x. Hay un control de acceso incorrecto: un atacante puede modificar su lista de grupos extendidos que se usa con el subsistema sbcast y abrir archivos con un conjunto no autorizado de grupos extendidos. Las versiones fijas son 22.05.11 y 23.02.7."}], "id": "CVE-2023-49938", "lastModified": "2025-11-04T19:16:12.413", "metrics": {"cvssMetricV31": [{"cvssData": {"attackComplexity": "LOW", "attackVector": "NETWORK", "availabilityImpact": "NONE", "baseScore": 8.2, "baseSeverity": "HIGH", "confidentialityImpact": "HIGH", "integrityImpact": "LOW", "privilegesRequired": "NONE", "scope": "UNCHANGED", "userInteraction": "NONE", "vectorString": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:L/A:N", "version": "3.1"}, "exploitabilityScore": 3.9, "impactScore": 4.2, "source": "[email protected]", "type": "Primary"}]}, "published": "2023-12-14T05:15:11.890", "references": [{"source": "[email protected]", "url": "https://lists.fedoraproject.org/archives/list/package-announce%40lists.fedoraproject.org/message/63FEDDYEE2WK7FHWBHKON3OZVQI56WSQ/"}, {"source": "[email protected]", "url": "https://lists.fedoraproject.org/archives/list/package-announce%40lists.fedoraproject.org/message/AYQS3LFGC4HE4WCW4L3NAA2I6FRIWMNO/"}, {"source": "[email protected]", "tags": ["Mailing List", "Vendor Advisory"], "url": "https://lists.schedmd.com/pipermail/slurm-announce/2023/000103.html"}, {"source": "[email protected]", "tags": ["Vendor Advisory"], "url": "https://www.schedmd.com/security-archive.php"}, {"source": "af854a3a-2127-422b-91ae-364da2661108", "url": "https://lists.fedoraproject.org/archives/list/package-announce%40lists.fedoraproject.org/message/63FEDDYEE2WK7FHWBHKON3OZVQI56WSQ/"}, {"source": "af854a3a-2127-422b-91ae-364da2661108", "url": "https://lists.fedoraproject.org/archives/list/package-announce%40lists.fedoraproject.org/message/AYQS3LFGC4HE4WCW4L3NAA2I6FRIWMNO/"}, {"source": "af854a3a-2127-422b-91ae-364da2661108", "url": "https://lists.fedoraproject.org/archives/list/[email protected]/message/63FEDDYEE2WK7FHWBHKON3OZVQI56WSQ/"}, {"source": "af854a3a-2127-422b-91ae-364da2661108", "url": "https://lists.fedoraproject.org/archives/list/[email protected]/message/AYQS3LFGC4HE4WCW4L3NAA2I6FRIWMNO/"}, {"source": "af854a3a-2127-422b-91ae-364da2661108", "tags": ["Mailing List", "Vendor Advisory"], "url": "https://lists.schedmd.com/pipermail/slurm-announce/2023/000103.html"}, {"source": "af854a3a-2127-422b-91ae-364da2661108", "tags": ["Vendor Advisory"], "url": "https://www.schedmd.com/security-archive.php"}], "sourceIdentifier": "[email protected]", "vulnStatus": "Modified", "weaknesses": [{"description": [{"lang": "en", "value": "NVD-CWE-Other"}], "source": "[email protected]", "type": "Primary"}]}