9

CVE-2020-25654

An ACL bypass flaw was found in pacemaker. An attacker having a local account on the cluster and in the haclient group could use IPC communication with various daemons directly to perform certain tasks that they would be prevented by ACLs from doing if they went through the configuration.
Daten sind bereitgestellt durch National Vulnerability Database (NVD)
ClusterlabsPacemaker Version < 1.1.23
ClusterlabsPacemaker Version >= 2.0.0 < 2.0.3
ClusterlabsPacemaker Version2.0.5 Updaterc1
DebianDebian Linux Version9.0
Zu dieser CVE wurde keine Warnung gefunden.
EPSS Metriken
Typ Quelle Score Percentile
EPSS FIRST.org 2% 0.782
CVSS Metriken
Quelle Base Score Exploit Score Impact Score Vector String
nvd@nist.gov 7.2 1.2 5.9
CVSS:3.1/AV:N/AC:L/PR:H/UI:N/S:U/C:H/I:H/A:H
nvd@nist.gov 9 8 10
AV:N/AC:L/Au:S/C:C/I:C/A:C
CWE-284 Improper Access Control

The product does not restrict or incorrectly restricts access to a resource from an unauthorized actor.

https://lists.debian.org/debian-lts-announce/2021/01/msg00007.html
Third Party Advisory
Mailing List
https://security.gentoo.org/glsa/202309-09
https://bugzilla.redhat.com/show_bug.cgi?id=1888191
Third Party Advisory
Issue Tracking
https://lists.clusterlabs.org/pipermail/users/2020-October/027840.html
Vendor Advisory
Mailing List
https://seclists.org/oss-sec/2020/q4/83
Third Party Advisory
Mailing List