CVE-2023-49935
Description
Slurmd Message Integrity Bypass allows reusing root-level authentication tokens, bypassing RPC message hashes in Slurm 23.02.x and 23.11.x.
AI Insight
LLM-synthesized narrative grounded in this CVE's description and references.
Slurmd Message Integrity Bypass allows reusing root-level authentication tokens, bypassing RPC message hashes in Slurm 23.02.x and 23.11.x.
Vulnerability
An issue was discovered in SchedMD Slurm versions 23.02.x and 23.11.x. There is an Incorrect Access Control vulnerability (CVE-2023-49935) due to a slurmd Message Integrity Bypass. An attacker can reuse root-level authentication tokens during interaction with the slurmd process. This bypasses the RPC message hashes that are designed to protect against undesired MUNGE credential reuse [1].
Exploitation
An attacker with network access to the slurmd process can capture valid root-level MUNGE authentication tokens. By reusing these tokens, the attacker can send crafted RPC messages to slurmd without proper message integrity verification. No additional authentication or user interaction is required beyond possession of the token [1].
Impact
Successful exploitation allows the attacker to execute arbitrary RPC commands as root on the slurm compute node. This leads to complete compromise of the node's slurmd process, potentially enabling further lateral movement within the cluster. The confidentiality, integrity, and availability of the system are all at risk [1].
Mitigation
The fixed versions are 23.02.7 and 23.11.1, released on December 13, 2023 [1]. According to the vendor, there are no mitigations available for this issue; the only option is to patch and restart the affected daemons [1]. Users should upgrade to a fixed version or apply the patch provided by SchedMD.
AI Insight generated on May 25, 2026. Synthesized from this CVE's description and the cited reference URLs; citations are validated against the source bundle.
Affected products
10- osv-coords8 versionspkg:rpm/opensuse/slurm&distro=openSUSE%20Leap%2015.5pkg:rpm/suse/slurm_23_02&distro=SUSE%20Linux%20Enterprise%20High%20Performance%20Computing%2015%20SP2-LTSSpkg:rpm/suse/slurm_23_02&distro=SUSE%20Linux%20Enterprise%20High%20Performance%20Computing%2015%20SP3-LTSSpkg:rpm/suse/slurm_23_02&distro=SUSE%20Linux%20Enterprise%20High%20Performance%20Computing%2015%20SP4-ESPOSpkg:rpm/suse/slurm_23_02&distro=SUSE%20Linux%20Enterprise%20High%20Performance%20Computing%2015%20SP4-LTSSpkg:rpm/suse/slurm_23_02&distro=SUSE%20Linux%20Enterprise%20Module%20for%20HPC%2012pkg:rpm/suse/slurm&distro=SUSE%20Linux%20Enterprise%20Module%20for%20HPC%2015%20SP5pkg:rpm/suse/slurm&distro=SUSE%20Linux%20Enterprise%20Module%20for%20Package%20Hub%2015%20SP5
< 23.02.7-150500.5.15.1+ 7 more
- (no CPE)range: < 23.02.7-150500.5.15.1
- (no CPE)range: < 23.02.7-150200.5.17.1
- (no CPE)range: < 23.02.7-150300.7.17.1
- (no CPE)range: < 23.02.7-150300.7.17.1
- (no CPE)range: < 23.02.7-150300.7.17.1
- (no CPE)range: < 23.02.7-3.16.1
- (no CPE)range: < 23.02.7-150500.5.15.1
- (no CPE)range: < 23.02.7-150500.5.15.1
Patches
0No patches discovered yet.
Vulnerability mechanics
Root cause
"Missing integrity verification in slurmd allows reuse of root-level MUNGE authentication tokens by bypassing RPC message hash checks."
Attack vector
An attacker can reuse root-level authentication tokens during interaction with the slurmd process, bypassing the RPC message hashes that are designed to protect against undesired MUNGE credential reuse [ref_id=1]. This is an incorrect access control issue (CWE-284) that requires the attacker to have obtained or intercepted a valid root-level MUNGE credential token. The advisory states there are no mitigations available other than patching and restarting the affected daemons [ref_id=1].
Affected code
The vulnerability affects the slurmd daemon in SchedMD Slurm versions 23.02.x and 23.11.x. The advisory describes it as a "Slurmd Message Integrity Bypass" that permits an attacker to reuse root-level authentication tokens when interacting with the slurmd process, bypassing the RPC message hashes that protect against malicious MUNGE credential reuse [ref_id=1].
What the fix does
The fixed versions are 23.02.7 and 23.11.1 [ref_id=1]. The patch does not show the specific code changes, but the advisory indicates the fix addresses the RPC message hash bypass that allowed root-level authentication token reuse. SchedMD recommends upgrading to the fixed versions immediately, as no mitigations are available [ref_id=1].
Preconditions
- authAttacker must have obtained or intercepted a valid root-level MUNGE authentication token
- configTarget must be running Slurm 23.02.x or 23.11.x
- networkAttacker must be able to communicate with the slurmd process over the network
Generated on Jun 14, 2026. Inputs: CWE entries + fix-commit diffs from this CVE's patches. Citations validated against bundle.
References
4- lists.fedoraproject.org/archives/list/package-announce%40lists.fedoraproject.org/message/63FEDDYEE2WK7FHWBHKON3OZVQI56WSQ/mitrevendor-advisory
- lists.fedoraproject.org/archives/list/package-announce%40lists.fedoraproject.org/message/AYQS3LFGC4HE4WCW4L3NAA2I6FRIWMNO/mitrevendor-advisory
- lists.schedmd.com/pipermail/slurm-announce/2023/000103.htmlmitre
- www.schedmd.com/security-archive.phpmitre
News mentions
0No linked articles in our index yet.