CVE-2022-1049
Published: 25 March 2022
A flaw was found in the Pacemaker configuration tool (pcs). When using PAM authentication, the pcs daemon allowed expired accounts, and accounts with expired passwords, to log in. As a result, unprivileged expired accounts that had been denied access could still log in.
Priority
Status
Package | Release | Status |
---|---|---|
pcs (Launchpad, Ubuntu, Debian) | bionic | Needed |
 | focal | Needed |
 | impish | Ignored (end of life) |
 | jammy | Needed |
 | kinetic | Not vulnerable (0.11.3-1ubuntu1) |
 | lunar | Not vulnerable (0.11.4-1ubuntu3) |
 | mantic | Not vulnerable (0.11.4-1ubuntu3) |
 | noble | Not vulnerable (0.11.4-1ubuntu3) |
 | trusty | Ignored (end of standard support) |
 | upstream | Released (0.11.3) |
 | xenial | Needed |

Patches: upstream: https://github.com/ClusterLabs/pcs/commit/fb860005117dc9e092649687dfa1304fb423efc5
Severity score breakdown
Parameter | Value |
---|---|
Base score | 8.8 |
Attack vector | Network |
Attack complexity | Low |
Privileges required | Low |
User interaction | None |
Scope | Unchanged |
Confidentiality | High |
Integrity impact | High |
Availability impact | High |
Vector | CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H |