{"id":"CVE-2024-48936","details":"SchedMD Slurm before 24.05.4 has Incorrect Authorization. A mistake in authentication handling in stepmgr could permit an attacker to execute processes under other users' jobs. This is limited to jobs explicitly running with --stepmgr, or on systems that have globally enabled stepmgr via SlurmctldParameters=enable_stepmgr in their configuration.","modified":"2026-04-09T10:24:33.464894Z","published":"2024-10-28T04:15:02.900Z","related":["SUSE-FU-2025:0660-1","SUSE-FU-2025:0661-1","openSUSE-SU-2024:14450-1"],"references":[{"type":"WEB","url":"https://www.schedmd.com/security-policy/"},{"type":"ARTICLE","url":"https://lists.schedmd.com/pipermail/slurm-announce/2024/date.html"},{"type":"ARTICLE","url":"https://lists.schedmd.com/mailman3/hyperkitty/list/slurm-announce%40lists.schedmd.com/message/44MFMN7R35YZFWTNO43R2754W5B5XUAI/"}],"affected":[{"ranges":[{"type":"GIT","repo":"https://github.com/schedmd/slurm","events":[{"introduced":"0"},{"fixed":"1f8005bf270bd6ea2b4f4fa05bdbfd11673d9e89"}],"database_specific":{"versions":[{"introduced":"0"},{"fixed":"24.05.4"}]}}],"versions":["slurm-13-12-0-0pre2","slurm-13-12-0-0pre3","slurm-13-12-0-0pre4","slurm-14-03-0-0pre5","slurm-14-03-0-0pre6","slurm-14-03-0-0rc1","slurm-14-03-0-1","slurm-14-11-0-0pre1","slurm-14-11-0-0pre2","slurm-14-11-0-0pre3","slurm-14-11-0-0pre4","slurm-14-11-0-0pre5","slurm-14-11-0-0rc1","slurm-15-08-0-0pre1","slurm-15-08-0-0pre2","slurm-15-08-0-0pre3","slurm-15-08-0-0pre4","slurm-15-08-0-0pre5","slurm-15-08-0-0pre6","slurm-15-08-0-0rc1","slurm-15-08-0-1","slurm-16-05-0-0pre1","slurm-16-05-0-0pre2","slurm-17-02-0-0pre1","slurm-17-02-0-0pre2","slurm-17-02-0-0pre3","slurm-17-02-0-0pre4","slurm-17-11-0-0pre1","slurm-17-11-0-0pre2","slurm-18-08-0-0pre1","slurm-18-08-0-0pre2","slurm-19-05-0-0pre1","slurm-19-05-0-0pre2","slurm-19-05-0-0pre3","slurm-19-05-0-0rc1","slurm-2-3-0-0-pre6","slurm-2-3-0-0-rc1","slurm-2-3-0-0-rc2","slurm-2-3-0-1","slurm-2-4-0-0-pre1","slurm-2-4-0-0-pre2","slurm-2-4-0-0-pre3","slurm-2-4-0-0-pre4","slurm-2-5-0-0-pre1","slurm-2-5-0-0-pre2","slurm-2-5-0-0-pre3","slurm-2-5-0-0-rc1","slurm-2-5-0-0-rc2","slurm-2-5-0-1","slurm-2-6-0-0-pre2","slurm-2-6-0-0pre1","slurm-2-6-0-0pre2","slurm-2-6-0-0pre3","slurm-2-6-0-0pre4","slurm-2-6-0-0rc1","slurm-2-6-0-0rc2","slurm-20-02-0-0pre1","slurm-20-02-0-0rc1","slurm-20-11-0-0rc1","slurm-20-11-0-0rc2","slurm-20-11-0-1","slurm-21-08-0-0rc1","slurm-21-08-0-0rc2","slurm-22-05-0-0rc1","slurm-23-02-0-0rc1","slurm-23-11-0-0rc1","slurm-23-11-0-1","slurm-24-05-0-0rc1","slurm-24-05-0-1","slurm-24-05-1-1","slurm-24-05-2-1","slurm-24-05-3-1"],"database_specific":{"source":"https://storage.googleapis.com/osv-test-cve-osv-conversion/osv-output/CVE-2024-48936.json"}}],"schema_version":"1.7.5","severity":[{"type":"CVSS_V3","score":"CVSS:3.1/AV:N/AC:H/PR:L/UI:N/S:U/C:L/I:L/A:L"}]}