Inspur ClusterEngine Privilege Escalation Vulnerability in getJobsByShell Component

Vulnerability

A privilege escalation vulnerability has been identified in Inspur ClusterEngine version 4.0. The component '/opt/tsce4/torque6/bin/getJobsByShell' has an improper SUID configuration, which allows non-administrative users to gain root access and execute arbitrary commands with elevated privileges.

Impact

Exploitation of this vulnerability allows non-administrative users to gain root access on the affected system.

Reproduction

To reproduce this vulnerability, a non-administrative user can execute the 'getJobsByShell' component with a command shell as an argument. This will trigger the SUID privilege escalation, resulting in root access.

Remediation

Users are advised to upgrade the relevant components to address this vulnerability.
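
To check whether a host carries the component in the state described above, the following audit script reports whether the path is present, whether its SUID bit is set, and whether it is owned by root. It is an added example, not part of the original advisory or of Inspur's tooling; the function names are hypothetical, and the default path is the one named in this advisory.

```shell
#!/bin/sh
# Added audit example; function names are hypothetical, not vendor tooling.
# Default target is the component path named in the advisory.
ADVISORY_PATH=/opt/tsce4/torque6/bin/getJobsByShell

# Print one word describing the set-user-ID state of a path.
suid_state() {
    p=$1
    if [ ! -e "$p" ]; then echo missing; return 0; fi
    # -u is true only when the set-user-ID bit is set
    if [ ! -u "$p" ]; then echo not-suid; return 0; fi
    # With SUID set, check whether "other" may execute it (any local user)
    if [ -n "$(find -H "$p" -prune -perm -0001 2>/dev/null)" ]; then
        echo suid-world-exec
    else
        echo suid-restricted
    fi
}

# Succeeds when the path is owned by uid 0.
owned_by_root() {
    [ -n "$(find -H "$1" -prune -user 0 2>/dev/null)" ]
}

# Report on one path; returns 1 when it is SUID and owned by root.
audit_path() {
    p=${1:-$ADVISORY_PATH}
    state=$(suid_state "$p")
    case $state in
        missing)  echo "OK      $p: not present" ;;
        not-suid) echo "OK      $p: present, SUID bit not set" ;;
        *)
            if owned_by_root "$p"; then
                echo "EXPOSED $p: $state, owner root"
                ls -l "$p"
                return 1
            fi
            echo "REVIEW  $p: $state, owner is not root"
            ;;
    esac
    return 0
}

# Audit the path given as the first argument, or the advisory path by default.
audit_path "${1:-$ADVISORY_PATH}"
```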

Added: Jun 9, 2025, 7:46 PM
Updated: Jun 9, 2025, 7:46 PM

Vulnerability Rating

Custom Algorithm

spread: 2.6
impact: 7.5
exploitability: 4.8
remediation: 7.7
relevance: 0.0
threat: 6.4
urgency: 2.9
incentive: 1.7

Our algorithm analyzes dozens of metrics to generate these 8 key vulnerability categories, which are then combined to calculate the overall risk score.