{"id":"CVE-2021-31215","details":"SchedMD Slurm before 20.02.7 and 20.03.x through 20.11.x before 20.11.7 allows remote code execution as SlurmUser because use of a PrologSlurmctld or EpilogSlurmctld script leads to environment mishandling.","modified":"2026-04-11T12:36:25.693726Z","published":"2021-05-13T06:15:07.180Z","related":["MGASA-2021-0253","SUSE-SU-2021:1787-1","SUSE-SU-2021:1788-1","SUSE-SU-2021:1789-1","SUSE-SU-2021:1790-1","SUSE-SU-2021:1791-1","SUSE-SU-2021:1793-1","SUSE-SU-2021:1810-1","SUSE-SU-2021:1811-1","SUSE-SU-2021:1855-1","SUSE-SU-2021:1856-1","SUSE-SU-2021:2295-1","SUSE-SU-2021:2473-1","openSUSE-SU-2021:0821-1","openSUSE-SU-2024:11389-1"],"database_specific":{"unresolved_ranges":[{"extracted_events":[{"last_affected":"9.0"}],"cpe":"cpe:2.3:o:debian:debian_linux:9.0:*:*:*:*:*:*:*","source":"CPE_FIELD"},{"extracted_events":[{"last_affected":"33"}],"cpe":"cpe:2.3:o:fedoraproject:fedora:33:*:*:*:*:*:*:*","source":"CPE_FIELD"},{"extracted_events":[{"last_affected":"34"}],"cpe":"cpe:2.3:o:fedoraproject:fedora:34:*:*:*:*:*:*:*","source":"CPE_FIELD"}]},"references":[{"type":"WEB","url":"https://lists.fedoraproject.org/archives/list/package-announce%40lists.fedoraproject.org/message/3ODMJQNY4FAV7G3DSKVIO5KY7Q7DKBPU/"},{"type":"WEB","url":"https://lists.fedoraproject.org/archives/list/package-announce%40lists.fedoraproject.org/message/PRHTASFAU5FNB2MJOG67YID2ONQS5MCQ/"},{"type":"ADVISORY","url":"https://lists.debian.org/debian-lts-announce/2022/01/msg00011.html"},{"type":"ADVISORY","url":"https://lists.schedmd.com/pipermail/slurm-announce/2021/000055.html"},{"type":"ADVISORY","url":"https://www.schedmd.com/news.php?id=248#OPT_248"}],"affected":[{"ranges":[{"type":"GIT","repo":"https://github.com/schedmd/slurm","events":[{"introduced":"0"},{"fixed":"964821e78915628a30264f262930a0212248c727"},{"fixed":"f84e9ec9589df7e6975e524e9c12cd85b96608e2"}],"database_specific":{"extracted_events":[{"introduced":"0"},{"fixed":"20.02.7"},{"introduced":"20.11"},{"fixed":"20.11.7"}],"cpe":"cpe:2.3:a:schedmd:slurm:*:*:*:*:*:*:*:*","source":"CPE_FIELD"}}],"versions":["slurm-13-12-0-0pre2","slurm-13-12-0-0pre3","slurm-13-12-0-0pre4","slurm-14-03-0-0pre5","slurm-14-03-0-0pre6","slurm-14-03-0-0rc1","slurm-14-03-0-1","slurm-14-11-0-0pre1","slurm-14-11-0-0pre2","slurm-14-11-0-0pre3","slurm-14-11-0-0pre4","slurm-14-11-0-0pre5","slurm-14-11-0-0rc1","slurm-15-08-0-0pre1","slurm-15-08-0-0pre2","slurm-15-08-0-0pre3","slurm-15-08-0-0pre4","slurm-15-08-0-0pre5","slurm-15-08-0-0pre6","slurm-15-08-0-0rc1","slurm-15-08-0-1","slurm-16-05-0-0pre1","slurm-16-05-0-0pre2","slurm-17-02-0-0pre1","slurm-17-02-0-0pre2","slurm-17-02-0-0pre3","slurm-17-02-0-0pre4","slurm-17-11-0-0pre1","slurm-17-11-0-0pre2","slurm-18-08-0-0pre1","slurm-18-08-0-0pre2","slurm-19-05-0-0pre1","slurm-19-05-0-0pre2","slurm-19-05-0-0pre3","slurm-19-05-0-0rc1","slurm-2-3-0-0-pre6","slurm-2-3-0-0-rc1","slurm-2-3-0-0-rc2","slurm-2-3-0-1","slurm-2-4-0-0-pre1","slurm-2-4-0-0-pre2","slurm-2-4-0-0-pre3","slurm-2-4-0-0-pre4","slurm-2-5-0-0-pre1","slurm-2-5-0-0-pre2","slurm-2-5-0-0-pre3","slurm-2-5-0-0-rc1","slurm-2-5-0-0-rc2","slurm-2-5-0-1","slurm-2-6-0-0-pre2","slurm-2-6-0-0pre1","slurm-2-6-0-0pre2","slurm-2-6-0-0pre3","slurm-2-6-0-0pre4","slurm-2-6-0-0rc1","slurm-2-6-0-0rc2","slurm-20-02-0-0pre1","slurm-20-02-0-0rc1","slurm-20-02-0-1","slurm-20-02-1-1","slurm-20-02-2-1","slurm-20-02-3-1","slurm-20-02-4-1","slurm-20-02-5-1","slurm-20-02-6-1","slurm-20-11-0-0rc1","slurm-20-11-0-0rc2","slurm-20-11-0-1","slurm-20-11-1-1","slurm-20-11-2-1","slurm-20-11-3-1","slurm-20-11-4-1","slurm-20-11-5-1","slurm-20-11-6-1"],"database_specific":{"source":"https://storage.googleapis.com/osv-test-cve-osv-conversion/osv-output/CVE-2021-31215.json"}}],"schema_version":"1.7.5","severity":[{"type":"CVSS_V3","score":"CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H"}]}