Vulnerability CVE-2022-1049


Published: 2022-03-25

Description:
A flaw was found in the Pacemaker configuration tool (pcs). The pcs daemon allowed expired accounts, and accounts with expired passwords, to log in when using PAM authentication. As a result, unprivileged expired accounts that had been denied access could still log in.

Type:
CWE-287 (Improper Authentication)

CVSS2 => (AV:N/AC:L/Au:S/C:P/I:P/A:P)

CVSS Base Score: 6.5/10
Impact Subscore: 6.4/10
Exploitability Subscore: 8/10

Exploit range: Remote
Attack complexity: Low
Authentication: Single time

Confidentiality impact: Partial
Integrity impact: Partial
Availability impact: Partial

Affected software:
Clusterlabs -> PCS

References:
https://huntr.dev/bounties/7aa921fc-a568-4fd8-96f4-7cd826246aa5

Copyright 2022, cxsecurity.com

 
