clusterlabs

Top products

The 15 most recently published vulnerabilities affecting clusterlabs.

• CVE-2024-3049Booth: specially crafted hash can lead to invalid hmac being accepted by booth server5.9Jun 6, 2024
• CVE-2023-39976log_blackbox.c in libqb before 2.0.8 allows a buffer overflow via long log messages because the header size is not considered.9.8Aug 8, 2023
• CVE-2023-2319It was discovered that an update for PCS package in RHBA-2023:2151 erratum released as part of Red Hat Enterprise Linux 9.2 failed to include the fix for the Webpack issue CVE-2023-28154 (for PCS p...9.8May 17, 2023
• CVE-2022-2735A vulnerability was found in the PCS project. This issue occurs due to incorrect permissions on a Unix socket used for internal communication between PCS daemons. A privilege escalation could happe...7.8Sep 6, 2022
• CVE-2021-3020An issue was discovered in ClusterLabs Hawk (aka HA Web Konsole) through 2.3.0-15. It ships the binary hawk_invoke (built from tools/hawk_invoke.c), intended to be used as a setuid program. This al...8.8Aug 25, 2022
• CVE-2022-2553The authfile directive in the booth config file is ignored, preventing use of authentication in communications from node to node. As a result, nodes that do not have the correct authentication key ...6.5Jul 28, 2022
• CVE-2022-1049A flaw was found in the Pacemaker configuration tool (pcs). The pcs daemon was allowing expired accounts, and accounts with expired passwords to login when using PAM authentication. Therefore, unpr...8.8Mar 25, 2022
• CVE-2010-2496stonith-ng in pacemaker and cluster-glue passed passwords as commandline parameters, making it possible for local attackers to gain access to passwords of the HA stack and potentially influence its...5.5Oct 18, 2021
• CVE-2020-35459An issue was discovered in ClusterLabs crmsh through 4.2.1. Local attackers able to call "crm history" (when "crm" is run) were able to execute commands via shell code injection to the crm history ...7.8Jan 12, 2021
• CVE-2020-35458An issue was discovered in ClusterLabs Hawk 2.x through 2.3.0-x. There is a Ruby shell code injection issue via the hawk_remember_me_id parameter in the login_from_cookie cookie. The user logout ro...9.8Jan 12, 2021
• CVE-2020-25654An ACL bypass flaw was found in pacemaker. An attacker having a local account on the cluster and in the haclient group could use IPC communication with various daemons directly to perform certain t...7.2Nov 24, 2020
• CVE-2014-0104In fence-agents before 4.0.17 does not verify remote SSL certificates in the fence_cisco_ucs.py script which can potentially allow for man-in-the-middle attackers to spoof SSL servers via arbitrary...5.9Jan 2, 2020
• CVE-2011-5271Pacemaker before 1.1.6 configure script creates temporary files insecurely5.5Nov 12, 2019
• CVE-2019-10153A flaw was discovered in fence-agents, prior to version 4.3.4, where using non-ASCII characters in a guest VM's comment or other fields would cause fence_rhevm to exit with an exception. In cluster...5.0Jul 30, 2019
• CVE-2019-12779libqb before 1.0.5 allows local users to overwrite arbitrary files via a symlink attack, because it uses predictable filenames (under /dev/shm and /tmp) without O_EXCL.7.1Jun 7, 2019