Bug 1218047 (CVE-2023-49934)

Summary:	VUL-0: CVE-2023-49934: slurm: SQL injection
Product:	[Novell Products] SUSE Security Incidents	Reporter:	SMASH SMASH <smash_bz>
Component:	Incidents	Assignee:	Security Team bot <security-team>
Status:	RESOLVED UPSTREAM	QA Contact:	Security Team bot <security-team>
Severity:	Normal
Priority:	P5 - None	CC:	gabriele.sonnu
Version:	unspecified
Target Milestone:	---
Hardware:	Other
OS:	Other
URL:	https://smash.suse.de/issue/387987/
Whiteboard:
Found By:	Security Response Team	Services Priority:
Business Priority:		Blocker:	---
Marketing QA Status:	---	IT Deployment:	---

Description SMASH SMASH 2023-12-14 10:21:43 UTC

An issue was discovered in SchedMD Slurm 23.11.x. There is SQL Injection against the SlurmDBD database. The fixed version is 23.11.1.

References:
http://web.nvd.nist.gov/view/vuln/detail?vulnId=CVE-2023-49934

Comment 1 Gabriele Sonnu 2023-12-14 10:22:32 UTC

We don't ship Slurm 23.11.x in any of our codestreams. Closing.