CVE-2017-15566

Severity CVSS v4.0:
Pending analysis
Type:
CWE-426 Untrusted Search Path
Publication date:
01/11/2017
Last modified:
20/04/2025

Description

Insecure SPANK environment variable handling exists in SchedMD Slurm before 16.05.11, 17.x before 17.02.9, and 17.11.x before 17.11.0rc2, allowing privilege escalation to root during Prolog or Epilog execution.

Vulnerable products and versions

CPE From Up to
cpe:2.3:a:schedmd:slurm:*:*:*:*:*:*:*:* 16.05.11 (excluding)
cpe:2.3:a:schedmd:slurm:*:*:*:*:*:*:*:* 17.02.0 (including) 17.2.09 (excluding)
cpe:2.3:a:schedmd:slurm:17.11.0:rc1:*:*:*:*:*:*