FreeBSD VuXML: Documenting security issues in FreeBSD and the FreeBSD Ports Collection

slurm-wlm -- SQL Injection attacks against SlurmDBD

Affected packages
slurm-wlm < 17.02.10

Details

VuXML ID b3e04661-2a0a-11e8-9e63-3085a9a47796
Discovery 2018-03-15
Entry 2018-03-17

SchedMD reports:

Several issues were discovered with incomplete sanitization of user-provided text strings, which could potentially lead to SQL injection attacks against SlurmDBD itself. Such exploits could lead to a loss of accounting data, or escalation of user privileges on the cluster.

References

CVE Name CVE-2018-7033
URL https://nvd.nist.gov/vuln/detail/CVE-2018-7033