Unrated severity · NVD Advisory · Published Nov 24, 2020 · Updated Aug 4, 2024
CVE-2020-25654
Description
An ACL bypass flaw was found in pacemaker. An attacker having a local account on the cluster and in the haclient group could use IPC communication with various daemons directly to perform certain tasks that they would be prevented by ACLs from doing if they went through the configuration.
Affected products (18)
- pacemaker/pacemaker (description)
- osv-coords (16 versions):
  - pkg:rpm/almalinux/pacemaker (no CPE), range: < 2.0.4-6.el8_3.1
  - pkg:rpm/almalinux/pacemaker-cli (no CPE), range: < 2.0.4-6.el8_3.1
  - pkg:rpm/almalinux/pacemaker-cts (no CPE), range: < 2.0.4-6.el8_3.1
  - pkg:rpm/almalinux/pacemaker-doc (no CPE), range: < 2.0.4-6.el8_3.1
  - pkg:rpm/almalinux/pacemaker-libs-devel (no CPE), range: < 2.0.4-6.el8_3.1
  - pkg:rpm/almalinux/pacemaker-nagios-plugins-metadata (no CPE), range: < 2.0.4-6.el8_3.1
  - pkg:rpm/almalinux/pacemaker-remote (no CPE), range: < 2.0.4-6.el8_3.1
  - pkg:rpm/opensuse/pacemaker&distro=openSUSE%20Leap%2015.1 (no CPE), range: < 2.0.1+20190417.13d370ca9-lp151.2.16.4
  - pkg:rpm/opensuse/pacemaker&distro=openSUSE%20Leap%2015.2 (no CPE), range: < 2.0.4+20200616.2deceaa3a-lp152.2.3.1
  - pkg:rpm/suse/pacemaker&distro=SUSE%20Linux%20Enterprise%20High%20Availability%20Extension%2012%20SP3 (no CPE), range: < 1.1.16-6.23.1
  - pkg:rpm/suse/pacemaker&distro=SUSE%20Linux%20Enterprise%20High%20Availability%20Extension%2012%20SP4 (no CPE), range: < 1.1.19+20181105.ccd6b5b10-3.22.1
  - pkg:rpm/suse/pacemaker&distro=SUSE%20Linux%20Enterprise%20High%20Availability%20Extension%2012%20SP5 (no CPE), range: < 1.1.23+20200622.28dd98fad-3.9.2
  - pkg:rpm/suse/pacemaker&distro=SUSE%20Linux%20Enterprise%20High%20Availability%20Extension%2015 (no CPE), range: < 1.1.18+20180430.b12c320f5-3.27.1
  - pkg:rpm/suse/pacemaker&distro=SUSE%20Linux%20Enterprise%20High%20Availability%20Extension%2015%20SP1 (no CPE), range: < 2.0.1+20190417.13d370ca9-3.15.1
  - pkg:rpm/suse/pacemaker&distro=SUSE%20Linux%20Enterprise%20High%20Availability%20Extension%2015%20SP2 (no CPE), range: < 2.0.4+20200616.2deceaa3a-3.3.1
  - pkg:rpm/suse/pacemaker&distro=SUSE%20Linux%20Enterprise%20Software%20Development%20Kit%2012%20SP5 (no CPE), range: < 1.1.23+20200622.28dd98fad-3.9.2