{"id":"CVE-2020-27746","details":"Slurm before 19.05.8 and 20.x before 20.02.6 exposes Sensitive Information to an Unauthorized Actor because xauth for X11 magic cookies is affected by a race condition in a read operation on the /proc filesystem.","modified":"2026-04-11T12:34:08.852545Z","published":"2020-11-27T18:15:11.707Z","related":["SUSE-SU-2020:3505-1","SUSE-SU-2020:3506-1","SUSE-SU-2020:3863-1","SUSE-SU-2020:3877-1","SUSE-SU-2020:3878-1","SUSE-SU-2020:3892-1","SUSE-SU-2021:0139-1","SUSE-SU-2021:0773-1","openSUSE-SU-2020:2033-1","openSUSE-SU-2020:2056-1","openSUSE-SU-2020:2286-1","openSUSE-SU-2021:0096-1","openSUSE-SU-2024:11389-1"],"database_specific":{"unresolved_ranges":[{"source":"CPE_FIELD","cpe":"cpe:2.3:o:debian:debian_linux:10.0:*:*:*:*:*:*:*","extracted_events":[{"last_affected":"10.0"}]}]},"references":[{"type":"ADVISORY","url":"https://www.debian.org/security/2021/dsa-4841"},{"type":"FIX","url":"https://www.schedmd.com/news.php"}],"affected":[{"ranges":[{"type":"GIT","repo":"https://github.com/schedmd/slurm","events":[{"introduced":"0"},{"fixed":"e2e21cb571ce88a6dd52989ec6fe30da8c4ef15f"},{"fixed":"5921b6abe8e4f813d107dce9400c206e4ebf370d"}],"database_specific":{"source":"CPE_FIELD","cpe":"cpe:2.3:a:schedmd:slurm:*:*:*:*:*:*:*:*","extracted_events":[{"introduced":"0"},{"fixed":"19.05.8"},{"introduced":"20.0.0"},{"fixed":"20.02.6"}]}}],"versions":["slurm-13-12-0-0pre2","slurm-13-12-0-0pre3","slurm-13-12-0-0pre4","slurm-14-03-0-0pre5","slurm-14-03-0-0pre6","slurm-14-03-0-0rc1","slurm-14-03-0-1","slurm-14-11-0-0pre1","slurm-14-11-0-0pre2","slurm-14-11-0-0pre3","slurm-14-11-0-0pre4","slurm-14-11-0-0pre5","slurm-14-11-0-0rc1","slurm-15-08-0-0pre1","slurm-15-08-0-0pre2","slurm-15-08-0-0pre3","slurm-15-08-0-0pre4","slurm-15-08-0-0pre5","slurm-15-08-0-0pre6","slurm-15-08-0-0rc1","slurm-15-08-0-1","slurm-16-05-0-0pre1","slurm-16-05-0-0pre2","slurm-17-02-0-0pre1","slurm-17-02-0-0pre2","slurm-17-02-0-0pre3","slurm-17-02-0-0pre4","slurm-17-11-0-0pre1","slurm-17-11-0-0pre2","slurm-18-08-0-0pre1","slurm-18-08-0-0pre2","slurm-19-05-0-0pre1","slurm-19-05-0-0pre2","slurm-19-05-0-0pre3","slurm-19-05-0-0rc1","slurm-19-05-0-1","slurm-19-05-1-1","slurm-19-05-1-2","slurm-19-05-2-1","slurm-19-05-3-1","slurm-19-05-3-2","slurm-19-05-4-1","slurm-19-05-5-1","slurm-19-05-6-1","slurm-19-05-7-1","slurm-2-3-0-0-pre6","slurm-2-3-0-0-rc1","slurm-2-3-0-0-rc2","slurm-2-3-0-1","slurm-2-4-0-0-pre1","slurm-2-4-0-0-pre2","slurm-2-4-0-0-pre3","slurm-2-4-0-0-pre4","slurm-2-5-0-0-pre1","slurm-2-5-0-0-pre2","slurm-2-5-0-0-pre3","slurm-2-5-0-0-rc1","slurm-2-5-0-0-rc2","slurm-2-5-0-1","slurm-2-6-0-0-pre2","slurm-2-6-0-0pre1","slurm-2-6-0-0pre2","slurm-2-6-0-0pre3","slurm-2-6-0-0pre4","slurm-2-6-0-0rc1","slurm-2-6-0-0rc2","slurm-20-02-0-0pre1","slurm-20-02-0-0rc1","slurm-20-02-0-1","slurm-20-02-1-1","slurm-20-02-2-1","slurm-20-02-3-1","slurm-20-02-4-1","slurm-20-02-5-1"],"database_specific":{"source":"https://storage.googleapis.com/osv-test-cve-osv-conversion/osv-output/CVE-2020-27746.json"}}],"schema_version":"1.7.5","severity":[{"type":"CVSS_V3","score":"CVSS:3.1/AV:N/AC:H/PR:N/UI:N/S:U/C:L/I:N/A:N"}]}