8.8

CVE-2018-16877

A flaw was found in the way pacemaker's client-server authentication was implemented in versions up to and including 2.0.0. A local attacker could use this flaw, and combine it with other IPC weaknesses, to achieve local privilege escalation.
Daten sind bereitgestellt durch National Vulnerability Database (NVD)
ClusterlabsPacemaker Version <= 2.0.0
CanonicalUbuntu Linux Version16.04 SwEditionlts
CanonicalUbuntu Linux Version18.04 SwEditionlts
CanonicalUbuntu Linux Version18.10
CanonicalUbuntu Linux Version19.04
FedoraprojectFedora Version28
FedoraprojectFedora Version29
FedoraprojectFedora Version30
DebianDebian Linux Version9.0
OpensuseLeap Version15.0
OpensuseLeap Version42.3
RedhatEnterprise Linux Version8.0
RedhatEnterprise Linux Eus Version8.1
RedhatEnterprise Linux Eus Version8.2
RedhatEnterprise Linux Eus Version8.4
RedhatEnterprise Linux Eus Version8.6
Zu dieser CVE wurde keine Warnung gefunden.
EPSS Metriken
Typ Quelle Score Percentile
EPSS FIRST.org 0.4% 0.32
CVSS Metriken
Quelle Base Score Exploit Score Impact Score Vector String
nvd@nist.gov 7.8 1.8 5.9
CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H
nvd@nist.gov 4.6 3.9 6.4
AV:L/AC:L/Au:N/C:P/I:P/A:P
secalert@redhat.com 8.8 2 6
CVSS:3.0/AV:L/AC:L/PR:L/UI:N/S:C/C:H/I:H/A:H
CWE-287 Improper Authentication

When an actor claims to have a given identity, the product does not prove or insufficiently proves that the claim is correct.

http://lists.opensuse.org/opensuse-security-announce/2019-05/msg00012.html
Third Party Advisory
Mailing List
http://lists.opensuse.org/opensuse-security-announce/2019-05/msg00034.html
Third Party Advisory
Mailing List
http://www.securityfocus.com/bid/108042
Broken Link
https://access.redhat.com/errata/RHSA-2019:1278
Third Party Advisory
https://access.redhat.com/errata/RHSA-2019:1279
Third Party Advisory
https://bugzilla.redhat.com/show_bug.cgi?id=CVE-2018-16877
Patch
Third Party Advisory
Issue Tracking
https://github.com/ClusterLabs/pacemaker/pull/1749
Patch
Third Party Advisory
https://lists.debian.org/debian-lts-announce/2021/01/msg00007.html
Third Party Advisory
Mailing List
https://lists.fedoraproject.org/archives/list/package-announce%40lists.fedoraproject.org/message/3GCWFO7GL6MBU6C4BGFO3P6L77DIBBF3/
https://lists.fedoraproject.org/archives/list/package-announce%40lists.fedoraproject.org/message/FY4M4RMIG2POKC6OOFQODGKPRYXHET2F/
https://lists.fedoraproject.org/archives/list/package-announce%40lists.fedoraproject.org/message/HR6QUYGML735EI3HEEHYRDW7EG73BUH2/
https://security.gentoo.org/glsa/202309-09
https://usn.ubuntu.com/3952-1/
Third Party Advisory