RSS   Vulnerabilities for 'Crmsh'   RSS

2021-01-12
 
CVE-2020-35459

CWE-269
 

 
An issue was discovered in ClusterLabs crmsh through 4.2.1. Local attackers able to call "crm history" (when "crm" is run) were able to execute commands via shell code injection to the crm history commandline, potentially allowing escalation of privileges.

 

 >>> Vendor: Clusterlabs 7 Products
Pacemaker
PCS
Pacemaker command line interface
Libqb
Fence-agents
Crmsh
Cluster glue


Copyright 2024, cxsecurity.com

 

Back to Top