VYPR
← All advisories
Unrated severityNVD Advisory· Published May 5, 2022· Updated Aug 3, 2024

CVE-2022-29500

CVE-2022-29500

Description

SchedMD Slurm 21.08.x through 20.11.x contains an incorrect access control vulnerability leading to information disclosure.

AI Insight

LLM-synthesized narrative grounded in this CVE's description and references.

SchedMD Slurm 21.08.x through 20.11.x contains an incorrect access control vulnerability leading to information disclosure.

Vulnerability

SchedMD Slurm versions 21.08.x through 20.11.x have an incorrect access control vulnerability that allows information disclosure. The exact component and conditions are not detailed in available references, but the issue affects the job scheduling and resource management system.

Exploitation

An attacker with network access to the Slurm controller may be able to exploit the incorrect access control to obtain sensitive information. No authentication or user interaction is explicitly required based on available information.

Impact

Successful exploitation leads to information disclosure, potentially exposing configuration details or job data that should be restricted.

Mitigation

No specific fix version is identified in the available references. Users should monitor SchedMD releases for a patch. As of the publication date (2022-05-05), no fixed version has been announced.

AI Insight generated on May 27, 2026. Synthesized from this CVE's description and the cited reference URLs; citations are validated against the source bundle.

Affected products

75

Patches

0

No patches discovered yet.

Vulnerability mechanics

Root cause

"Incorrect access control in Slurm allows unauthorized information disclosure."

Attack vector

An attacker with network access to a Slurm cluster can exploit missing or insufficient access control checks to read information they should not be authorized to see [ref_id=1]. The advisory does not detail the specific RPC endpoint, payload shape, or authentication preconditions required. The vulnerability is present in Slurm versions 20.11.x through 21.08.x [ref_id=1].

Affected code

The advisory does not specify the exact functions or files at fault. It only states that Slurm versions 20.11.x through 21.08.x contain an "Incorrect Access Control" issue leading to information disclosure [ref_id=1]. No patch or code diff is provided in the bundle.

What the fix does

The advisory does not include a patch or specific remediation steps [ref_id=1]. The vendor (SchedMD) has not published a fix in the referenced release notes page. Users are advised to consult the SchedMD news page for future updates addressing this issue [ref_id=1].

Preconditions

  • networkNetwork access to a Slurm cluster running version 20.11.x through 21.08.x

Generated on May 28, 2026. Inputs: CWE entries + fix-commit diffs from this CVE's patches. Citations validated against bundle.

References

7

News mentions

0

No linked articles in our index yet.