CVE-2017-15566
Severity CVSS v4.0:
Pending analysis
Type:
CWE-426
Untrusted Search Path
Publication date:
01/11/2017
Last modified:
20/04/2025
Description
Insecure SPANK environment variable handling exists in SchedMD Slurm before 16.05.11, 17.x before 17.02.9, and 17.11.x before 17.11.0rc2, allowing privilege escalation to root during Prolog or Epilog execution.
Impact
Base Score 3.x
7.80
Severity 3.x
HIGH
Base Score 2.0
7.20
Severity 2.0
HIGH
Vulnerable products and versions
CPE | From | Up to |
---|---|---|
cpe:2.3:a:schedmd:slurm:*:*:*:*:*:*:*:* | 16.05.11 (excluding) | |
cpe:2.3:a:schedmd:slurm:*:*:*:*:*:*:*:* | 17.02.0 (including) | 17.2.09 (excluding) |
cpe:2.3:a:schedmd:slurm:17.11.0:rc1:*:*:*:*:*:* |
To consult the complete list of CPE names with products and versions, see this page