RSS   Vulnerabilities for 'Cluster glue'   RSS

2021-10-18
 
CVE-2010-2496

CWE-287
 

 
stonith-ng in pacemaker and cluster-glue passed passwords as commandline parameters, making it possible for local attackers to gain access to passwords of the HA stack and potentially influence its operations. This is fixed in cluster-glue 1.0.6 and newer, and pacemaker 1.1.3 and newer.

 

 >>> Vendor: Clusterlabs 7 Products
Pacemaker
PCS
Pacemaker command line interface
Libqb
Fence-agents
Crmsh
Cluster glue


Copyright 2022, cxsecurity.com

 

Back to Top