CVE-2023-49934

9.8 CRITICAL

📋 TL;DR

This SQL injection vulnerability in SchedMD Slurm 23.11.x allows attackers to execute arbitrary SQL commands against the SlurmDBD database. Organizations running affected Slurm versions are at risk of data manipulation, exfiltration, or potential privilege escalation. The vulnerability affects Slurm workload manager installations with SlurmDBD enabled.

💻 Affected Systems

Products:
  • SchedMD Slurm
Versions: 23.11.0
Operating Systems: Linux distributions running Slurm
Default Config Vulnerable: ⚠️ Yes
Notes: Only affects installations with SlurmDBD (database daemon) enabled and running version 23.11.0.

📦 What is this software?

⚠️ Risk & Real-World Impact

🔴 Worst Case

Complete compromise of the SlurmDBD database leading to data exfiltration, privilege escalation to root, and potential lateral movement to other systems in the cluster.

🟠 Likely Case

Unauthorized access to sensitive job data, user information, and potential manipulation of accounting records or job scheduling.

🟢 If Mitigated

Limited impact if proper network segmentation, database permissions, and input validation are already in place.

🌐 Internet-Facing: MEDIUM - While SlurmDBD typically isn't internet-facing, misconfigurations or exposed interfaces could allow remote exploitation.
🏢 Internal Only: HIGH - Most Slurm deployments are internal to organizations, making this a significant internal threat.

🎯 Exploit Status

Public PoC: ✅ No
Weaponized: UNKNOWN
Unauthenticated Exploit: ✅ No
Complexity: LOW

SQL injection vulnerabilities typically have low exploitation complexity, but specific exploit details haven't been publicly disclosed.

🛠️ Fix & Mitigation

✅ Official Fix

Patch Version: 23.11.1

Vendor Advisory: https://lists.schedmd.com/pipermail/slurm-announce/2023/000103.html

Restart Required: Yes

Instructions:

1. Download Slurm 23.11.1 from official sources.
2. Stop Slurm services.
3. Apply the patch or upgrade to 23.11.1.
4. Restart Slurm services, including slurmdbd.

🔧 Temporary Workarounds

Disable SlurmDBD (linux)

Temporarily disable the Slurm database daemon if it is not critically needed:

systemctl stop slurmdbd
systemctl disable slurmdbd

Network isolation (linux)

Restrict network access to the SlurmDBD port (typically 6819) to trusted hosts. A bare DROP rule cuts off slurmctld as well, so accept the controller's address (placeholder below) before the catch-all DROP; firewalld changes made with --permanent only take effect after a reload.

iptables -A INPUT -p tcp --dport 6819 -s <slurmctld-address> -j ACCEPT
iptables -A INPUT -p tcp --dport 6819 -j DROP
firewall-cmd --permanent --remove-port=6819/tcp
firewall-cmd --reload

🧯 If You Can't Patch

  • Implement strict network access controls to limit connections to SlurmDBD
  • Enable database-level security controls and audit logging for all SQL queries

🔍 How to Verify

Check if Vulnerable:

Check Slurm version: slurmdbd --version | grep '23.11.0' (a match means the vulnerable release is installed)

Check Version:

slurmdbd --version

Verify Fix Applied:

Verify version is 23.11.1 or later: slurmdbd --version
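The grep above only matches the exact string 23.11.0. The following script, added here and not part of the advisory or of SchedMD's tooling, parses the version out of `slurmdbd --version` output and classifies it against the range this page lists (23.11.0 affected, 23.11.1 and later fixed); it assumes the output has the form "slurm X.Y.Z" and uses a constructed sample so it runs offline.

```shell
#!/bin/sh
# Added example, not SchedMD code. Assumes `slurmdbd --version` prints
# a line of the form "slurm 23.11.0".

# Pull MAJOR.MINOR.PATCH out of `slurmdbd --version` output.
slurm_version_from_output() {
    printf '%s\n' "$1" |
        sed -n 's/^slurm \([0-9][0-9]*\.[0-9][0-9]*\.[0-9][0-9]*\).*/\1/p' |
        head -n 1
}

# Print one of: affected, fixed, outside-listed-range, unknown.
slurm_cve_2023_49934_status() {
    ver=$1
    case "$ver" in
        *.*.*) ;;
        *) echo unknown; return 0 ;;
    esac
    major=${ver%%.*}
    rest=${ver#*.}
    minor=${rest%%.*}
    patch=${rest#*.}
    case "$patch" in
        ''|*[!0-9]*) echo unknown; return 0 ;;
    esac
    if [ "$major" = 23 ] && [ "$minor" = 11 ]; then
        if [ "$patch" -eq 0 ]; then echo affected; else echo fixed; fi
    else
        # This page only names the 23.11 branch; consult the vendor advisory for others.
        echo outside-listed-range
    fi
}

# Combine both steps on raw command output.
check_slurmdbd_output() {
    v=$(slurm_version_from_output "$1")
    [ -n "$v" ] || { echo unknown; return 0; }
    slurm_cve_2023_49934_status "$v"
}

# Constructed sample so the script runs offline; on a real host use
#   check_slurmdbd_output "$(slurmdbd --version 2>/dev/null)"
SAMPLE_OUTPUT='slurm 23.11.0'
echo "sample host: $(check_slurmdbd_output "$SAMPLE_OUTPUT")"
```

Run it on each node that hosts slurmdbd; "affected" means the 23.11.0 release is installed, "fixed" means 23.11.1 or later, and "outside-listed-range" means a branch this page does not cover.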

📡 Detection & Monitoring

Log Indicators:

  • Unusual SQL queries in SlurmDBD logs
  • Multiple failed authentication attempts
  • Unexpected database connections

Network Indicators:

  • Unusual traffic patterns to port 6819
  • SQL injection patterns in network traffic

SIEM Query:

source="slurmdbd.log" AND ("SELECT" OR "INSERT" OR "UPDATE" OR "DELETE") AND NOT normal_query_pattern

(normal_query_pattern is a placeholder for your site's baseline of expected slurmdbd queries; replace it with a pattern built from your own logs, or the query will flag routine traffic.)
