5.3

CVE-2018-10995

SchedMD Slurm before 17.02.11 and 17.1x.x before 17.11.7 mishandles user names (aka user_name fields) and group ids (aka gid fields).

Data is provided by the National Vulnerability Database (NVD)
SchedmdSlurm Version <= 17.02.10.1
SchedmdSlurm Version17.11.0.0 Updatepre1
SchedmdSlurm Version17.11.0.0 Updatepre2
SchedmdSlurm Version17.11.0.0 Updaterc1
SchedmdSlurm Version17.11.0.0 Updaterc2
SchedmdSlurm Version17.11.0.0 Updaterc3
SchedmdSlurm Version17.11.0.1
SchedmdSlurm Version17.11.1.1
SchedmdSlurm Version17.11.1.2
SchedmdSlurm Version17.11.2.1
SchedmdSlurm Version17.11.3.1
SchedmdSlurm Version17.11.3.2
SchedmdSlurm Version17.11.4.1
SchedmdSlurm Version17.11.5.1
SchedmdSlurm Version17.11.6.1
DebianDebian Linux Version8.0
DebianDebian Linux Version9.0
Zu dieser CVE wurde keine CISA KEV oder CERT.AT-Warnung gefunden.
EPSS Metriken
Type Source Score Percentile
EPSS FIRST.org 0.46% 0.612
CVSS Metriken
Source Base Score Exploit Score Impact Score Vector string
nvd@nist.gov 5.3 3.9 1.4
CVSS:3.0/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:L/A:N
nvd@nist.gov 5 10 2.9
AV:N/AC:L/Au:N/C:N/I:P/A:N
CWE-20 Improper Input Validation

The product receives input or data, but it does not validate or incorrectly validates that the input has the properties that are required to process the data safely and correctly.