CVE-2020-35459
Published: 12 January 2021
An issue was discovered in ClusterLabs crmsh through 4.2.1. Local attackers able to call "crm history" (when "crm" is run) were able to execute commands via shell code injection to the crm history commandline, potentially allowing escalation of privileges.
Priority
CVSS 3 base score: 7.8
Status
Package | Release | Status |
---|---|---|
crmsh Launchpad, Ubuntu, Debian |
Upstream |
Needs triage
|
Ubuntu 21.04 (Hirsute Hippo) |
Needs triage
|
|
Ubuntu 20.10 (Groovy Gorilla) |
Needs triage
|
|
Ubuntu 20.04 LTS (Focal Fossa) |
Needs triage
|
|
Ubuntu 18.04 LTS (Bionic Beaver) |
Needs triage
|
|
Ubuntu 16.04 LTS (Xenial Xerus) |
Needs triage
|
|
Ubuntu 14.04 ESM (Trusty Tahr) |
Needs triage
|