CVSS: 5.9EPSS: 0%CPEs: 21EXPL: 1CVE-2024-3049 – Booth: specially crafted hash can lead to invalid hmac being accepted by booth server
https://notcve.org/view.php?id=CVE-2024-3049
06 Jun 2024 — A flaw was found in Booth, a cluster ticket manager. If a specially-crafted hash is passed to gcry_md_get_algo_dlen(), it may allow an invalid HMAC to be accepted by the Booth server. Se encontró una falla en Booth, un administrador de tickets de clúster. Si se pasa un hash especialmente manipulado a gcry_md_get_algo_dlen(), es posible que el servidor Booth acepte un HMAC no válido. An update for booth is now available for Red Hat Enterprise Linux 8.4 Advanced Mission Critical Update Support, Red Hat Enterp... • https://github.com/truonghuuphuc/CVE-2024-30491-Poc • CWE-345: Insufficient Verification of Data Authenticity •
CVSS: 10.0EPSS: 0%CPEs: 1EXPL: 0CVE-2023-39976 – libqb: Buffer overflow in log_blackbox.c
https://notcve.org/view.php?id=CVE-2023-39976
08 Aug 2023 — log_blackbox.c in libqb before 2.0.8 allows a buffer overflow via long log messages because the header size is not considered. The libqb packages provide a library with the primary purpose of providing high performance client/server reusable features, such as high performance logging, tracing, inter-process communication, and polling. Issues addressed include a buffer overflow vulnerability. • https://github.com/ClusterLabs/libqb/commit/1bbaa929b77113532785c408dd1b41cd0521ffc8 • CWE-119: Improper Restriction of Operations within the Bounds of a Memory Buffer CWE-120: Buffer Copy without Checking Size of Input ('Classic Buffer Overflow') •
CVSS: 10.0EPSS: 0%CPEs: 3EXPL: 0CVE-2023-2319 – pcs: webpack: Regression of CVE-2023-28154 fixes in the Red Hat Enterprise Linux
https://notcve.org/view.php?id=CVE-2023-2319
09 May 2023 — It was discovered that an update for PCS package in RHBA-2023:2151 erratum released as part of Red Hat Enterprise Linux 9.2 failed to include the fix for the Webpack issue CVE-2023-28154 (for PCS package), which was previously addressed in Red Hat Enterprise Linux 9.1 via erratum RHSA-2023:1591. The CVE-2023-2319 was assigned to that Red Hat specific security regression in Red Hat Enterprise Linux 9.2. The pcs packages provide a command-line configuration system for the Pacemaker and Corosync utilities. Iss... • https://access.redhat.com/errata/RHSA-2023:2652 •
CVSS: 8.4EPSS: 0%CPEs: 2EXPL: 0CVE-2022-2735 – pcs: obtaining an authentication token for hacluster user could lead to privilege escalation
https://notcve.org/view.php?id=CVE-2022-2735
01 Sep 2022 — A vulnerability was found in the PCS project. This issue occurs due to incorrect permissions on a Unix socket used for internal communication between PCS daemons. A privilege escalation could happen by obtaining an authentication token for a hacluster user. With the "hacluster" token, this flaw allows an attacker to have complete control over the cluster managed by PCS. Se ha encontrado una vulnerabilidad en el proyecto PCS. • https://access.redhat.com/security/cve/CVE-2022-2735 • CWE-276: Incorrect Default Permissions •
CVSS: 9.0EPSS: 0%CPEs: 1EXPL: 0CVE-2021-3020
https://notcve.org/view.php?id=CVE-2021-3020
25 Aug 2022 — An issue was discovered in ClusterLabs Hawk (aka HA Web Konsole) through 2.3.0-15. It ships the binary hawk_invoke (built from tools/hawk_invoke.c), intended to be used as a setuid program. This allows the hacluster user to invoke certain commands as root (with an attempt to limit this to safe combinations). This user is able to execute an interactive "shell" that isn't limited to the commands specified in hawk_invoke, allowing escalation to root. Se ha detectado un problema en ClusterLabs Hawk (también se ... • https://bugzilla.suse.com/show_bug.cgi?id=1180571 • CWE-269: Improper Privilege Management •
CVSS: 6.5EPSS: 0%CPEs: 5EXPL: 0CVE-2022-2553 – booth: authfile directive in booth config file is completely ignored.
https://notcve.org/view.php?id=CVE-2022-2553
28 Jul 2022 — The authfile directive in the booth config file is ignored, preventing use of authentication in communications from node to node. As a result, nodes that do not have the correct authentication key are not prevented from communicating with other nodes in the cluster. La directiva authfile en el archivo de configuración de booth es ignorada, impidiendo el uso de la autenticación en las comunicaciones de nodo a nodo. Como resultando, los nodos que no presentan la clave de autenticación correcta no son impedido... • https://github.com/ClusterLabs/booth/commit/35bf0b7b048d715f671eb68974fb6b4af6528c67 • CWE-287: Improper Authentication •
CVSS: 8.8EPSS: 0%CPEs: 3EXPL: 1CVE-2022-1049 – pcs: improper authentication via PAM
https://notcve.org/view.php?id=CVE-2022-1049
25 Mar 2022 — A flaw was found in the Pacemaker configuration tool (pcs). The pcs daemon was allowing expired accounts, and accounts with expired passwords to login when using PAM authentication. Therefore, unprivileged expired accounts that have been denied access could still login. Se encontró un fallo en la herramienta de configuración de Pacemaker (pcs). El demonio pcs permitía que las cuentas caducadas y las cuentas con contraseñas caducadas iniciaran sesión cuando era usada la autenticación PAM. • https://huntr.dev/bounties/7aa921fc-a568-4fd8-96f4-7cd826246aa5 • CWE-287: Improper Authentication •
CVSS: 5.5EPSS: 0%CPEs: 2EXPL: 0CVE-2010-2496
https://notcve.org/view.php?id=CVE-2010-2496
18 Oct 2021 — stonith-ng in pacemaker and cluster-glue passed passwords as commandline parameters, making it possible for local attackers to gain access to passwords of the HA stack and potentially influence its operations. This is fixed in cluster-glue 1.0.6 and newer, and pacemaker 1.1.3 and newer. stonith-ng en pacemaker y cluster-glue pasaba contraseñas como parámetros de línea de comandos, que hacía posible que los atacantes locales obtuvieran acceso a las contraseñas de la pila de HA e influyeran potencialmente en ... • https://bugzilla.suse.com/show_bug.cgi?id=CVE-2010-2496 • CWE-287: Improper Authentication •
CVSS: 7.8EPSS: 0%CPEs: 2EXPL: 1CVE-2020-35459 – Ubuntu Security Notice USN-6711-1
https://notcve.org/view.php?id=CVE-2020-35459
12 Jan 2021 — An issue was discovered in ClusterLabs crmsh through 4.2.1. Local attackers able to call "crm history" (when "crm" is run) were able to execute commands via shell code injection to the crm history commandline, potentially allowing escalation of privileges. Se detectó un problema en ClusterLabs crmsh versiones hasta 4.2.1. Los atacantes locales capaces de llamar a "crm history" (cuando se ejecuta "crm") fueron capaces de ejecutar comandos por medio de una inyección de código de shell en la línea de coma... • http://www.openwall.com/lists/oss-security/2021/01/12/3 • CWE-78: Improper Neutralization of Special Elements used in an OS Command ('OS Command Injection') •
CVSS: 10.0EPSS: 13%CPEs: 2EXPL: 0CVE-2020-35458
https://notcve.org/view.php?id=CVE-2020-35458
12 Jan 2021 — An issue was discovered in ClusterLabs Hawk 2.x through 2.3.0-x. There is a Ruby shell code injection issue via the hawk_remember_me_id parameter in the login_from_cookie cookie. The user logout routine could be used by unauthenticated remote attackers to execute code as hauser. Se detectó un problema en ClusterLabs Hawk versiones 2.x hasta 2.3.0-x. Se presenta un problema de inyección de código de shell Ruby por medio del parámetro hawk_remember_me_id en la cookie login_from_cookie. • http://www.openwall.com/lists/oss-security/2021/01/12/3 • CWE-78: Improper Neutralization of Special Elements used in an OS Command ('OS Command Injection') •