CVE-2020-12693

8.1 HIGH

📋 TL;DR

This CVE describes an authentication bypass vulnerability in the Slurm workload manager when Message Aggregation is enabled. A race condition allows attackers to launch processes as arbitrary users, potentially gaining unauthorized access and privileges. Affected systems are those running Slurm 19.05.x before 19.05.7 or 20.02.x before 20.02.3 with Message Aggregation enabled.

💻 Affected Systems

Products:
  • Slurm Workload Manager
Versions: 19.05.x before 19.05.7, 20.02.x before 20.02.3
Operating Systems: Linux
Default Config Vulnerable: ✅ No
Notes: Only vulnerable when Message Aggregation is enabled, which is not the default configuration. Requires specific race condition timing.

⚠️ Risk & Real-World Impact

🔴 Worst Case

Complete system compromise where an attacker gains root privileges and takes control of the entire Slurm cluster, potentially accessing sensitive data and executing arbitrary code on all nodes.

🟠 Likely Case

Unauthorized privilege escalation allowing attackers to run jobs as other users, potentially accessing restricted data and consuming computational resources without authorization.

🟢 If Mitigated

Limited impact with proper network segmentation, minimal Message Aggregation usage, and strict user permissions, potentially reducing the impact to denial of service or limited privilege escalation.

🌐 Internet-Facing: MEDIUM
🏢 Internal Only: HIGH

🎯 Exploit Status

Public PoC: ✅ No
Weaponized: UNKNOWN
Unauthenticated Exploit: ✅ No
Complexity: HIGH

Exploitation requires Message Aggregation enabled and precise race condition timing. Requires existing user access to the Slurm system.

🛠️ Fix & Mitigation

✅ Official Fix

Patch Version: 19.05.7 or 20.02.3

Vendor Advisory: https://lists.schedmd.com/pipermail/slurm-announce/

Restart Required: Yes

Instructions:

1. Back up the current Slurm configuration.
2. Stop all Slurm services.
3. Upgrade to Slurm 19.05.7 or 20.02.3 using your distribution's package manager.
4. Restart Slurm services.
5. Verify the upgrade was successful.

🔧 Temporary Workarounds

Disable Message Aggregation (Linux)

Disable Message Aggregation to eliminate the vulnerable code path.

Edit slurm.conf and remove the MsgAggregationParams line, or set WindowMsgs=1 in it (aggregation is only active when WindowMsgs is greater than 1)
Restart slurmctld: systemctl restart slurmctld

🧯 If You Can't Patch

  • Disable the Message Aggregation feature in slurm.conf
  • Implement strict network segmentation to isolate the Slurm control plane from untrusted networks

🔍 How to Verify

Check if Vulnerable:

Check the Slurm version with 'slurmd -V' and verify whether Message Aggregation is enabled in slurm.conf

Check Version:

slurmd -V | head -1

Verify Fix Applied:

Confirm the version is 19.05.7 or higher for the 19.05.x branch, or 20.02.3 or higher for the 20.02.x branch
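
The version and configuration checks above, combined into one script. This is an added example, not code from the Slurm project or the original page. It assumes the slurm.conf key is MsgAggregationParams with aggregation active only when WindowMsgs is greater than 1 (per Slurm's slurm.conf documentation); /etc/slurm/slurm.conf is a typical, site-dependent path.

```sh
#!/bin/sh
# Added example: exposure check for CVE-2020-12693 (not vendor code).

# Return 0 if the version is in a range this page lists as affected:
# 19.05.x before 19.05.7, or 20.02.x before 20.02.3.
version_affected() {
    ver=${1#slurm }                  # accept "slurm 19.05.6" or "19.05.6"
    case $ver in *.*.*) ;; *) return 1 ;; esac
    major=${ver%%.*}; rest=${ver#*.}
    minor=${rest%%.*}; patch=${rest#*.}
    patch=${patch%%[!0-9]*}          # drop suffixes such as "-1" or "-rc1"
    [ -n "$patch" ] || return 1
    case "$major.$minor" in
        19.05) [ "$patch" -lt 7 ] ;;
        20.02) [ "$patch" -lt 3 ] ;;
        *)     return 1 ;;
    esac
}

# Return 0 if the given slurm.conf (or stdin) enables Message Aggregation.
# Assumption (Slurm documentation, not this page): the key is
# MsgAggregationParams and aggregation is active only when WindowMsgs > 1.
msg_aggr_enabled() {
    awk '
        { sub(/#.*/, "") }           # ignore comments, including commented-out keys
        tolower($0) ~ /^[ \t]*msgaggregationparams[ \t]*=/ {
            n = 1                    # WindowMsgs default: aggregation off
            line = tolower($0)
            if (match(line, /windowmsgs=[0-9]+/))
                n = substr(line, RSTART + 11, RLENGTH - 11) + 0
        }
        END { exit !(n > 1) }
    ' "${1:--}"
}

# Print a verdict; return 0 only when both conditions for exposure hold.
# $1 = first line of `slurmd -V`, $2 = path to slurm.conf
check_exposure() {
    if ! version_affected "$1"; then
        echo "not affected: $1"; return 1
    fi
    if msg_aggr_enabled "$2"; then
        echo "VULNERABLE: $1 with Message Aggregation enabled"; return 0
    fi
    echo "affected version, Message Aggregation off: still upgrade ($1)"
    return 1
}

# On a node: check_exposure "$(slurmd -V | head -1)" /etc/slurm/slurm.conf
```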

📡 Detection & Monitoring

Log Indicators:

  • Unusual process launches under different user IDs
  • Failed authentication attempts followed by successful process execution
  • Messages about MessageAggregator race conditions

Network Indicators:

  • Unusual network traffic patterns between Slurm nodes during job submission

SIEM Query:

source="slurm" AND (event="process_launch" OR event="auth_failure") | stats count by user, src_ip
