CVE-2020-35459
Description
CVE-2020-35459 is a shell code injection vulnerability in ClusterLabs crmsh through 4.2.1, where local attackers can gain privilege escalation via crafted input to the "crm history" command.
AI Insight
LLM-synthesized narrative grounded in this CVE's description and references.
Vulnerability Overview
CVE-2020-35459 is a shell code injection vulnerability in ClusterLabs crmsh, a command-line management tool for the Pacemaker High Availability cluster stack. The flaw affects crmsh versions up to and including 4.2.1. The root cause is insufficient sanitization of user-supplied input passed to the crm history command, which is executed via a shell. A local attacker who can invoke crm history can therefore inject arbitrary shell commands through crafted arguments [1][2][3].
Attack Vector and Prerequisites
The vulnerability can only be exploited by a local user who is able to run the crm tool. No authentication bypass is needed, because the crm command is reachable with ordinary user-level access. The attacker supplies specially crafted input to the crm history subcommand; because of insufficient quoting or validation, that input is interpreted as additional shell commands. No privileges beyond the ability to run crm are required [4][2].
Impact
Successful exploitation enables a local attacker to execute arbitrary shell commands with the privileges of the user running crm, which is often root or a user with elevated privileges for cluster management. This can lead to full compromise of the affected system, including privilege escalation and potentially cluster-wide disruption. The vulnerability was rated as important; no CVSSv3 base score is assigned in the references, but SUSE describes its severity as 'important' [2][4].
Mitigation and Patches
The mitigation is to upgrade to a patched version of crmsh. The references show that SUSE released security updates for affected products on 2021-01-12 (e.g., SUSE-SU-2021:0085-1 and SUSE-SU-2021:0086-1), and that the upstream changes replaced shell constructs with plain Python functions, for example using utils.mkdirp instead of invoking the system mkdir command [2]. Unpatched versions (through 4.2.1) remain vulnerable; users should update to crmsh 5.1.0 or later, as the changelog indicates fixes for similar issues [1].
AI Insight generated on May 21, 2026. Synthesized from this CVE's description and the cited reference URLs; citations are validated against the source bundle.
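The fix described above, replacing shell constructs with plain Python calls, is the general remedy for this defect class. The following is an added illustration and not crmsh's code: the function names, the report-name check, the scratch directory and the sample input are all constructed here. The only thing taken from the page is the idea of creating a directory with a Python call (the analogue of the utils.mkdirp change) rather than by formatting a command string for a shell.

```python
"""Shell-built command vs. plain Python call: the defect class behind
CVE-2020-35459 and the shape of the fix the advisory describes.
Added illustration, not crmsh's code; all names and inputs are constructed."""
import os
import shutil
import subprocess
import tempfile


def shell_command_unsafe(report_dir, name):
    """The anti-pattern: user input spliced into a command string that would be
    handed to /bin/sh. Returned as a string and never executed here, so the
    reader can see how a metacharacter in `name` becomes extra shell syntax."""
    return "mkdir -p %s/%s" % (report_dir, name)


def is_valid_report_name(name):
    """Constructed allow-list: exactly one path component, no traversal.
    This is defence in depth; the real fix below is not spawning a shell."""
    return bool(name) and "/" not in name and name not in (".", "..")


def make_report_dir(report_dir, name):
    """Hardened form, analogous to the utils.mkdirp change cited in the
    advisory: os.makedirs receives `name` as an opaque path component, so a
    `;`, `$(...)` or backtick in it is just a character in a directory name."""
    if not is_valid_report_name(name):
        raise ValueError("refusing report name: %r" % name)
    target = os.path.join(report_dir, name)
    os.makedirs(target, exist_ok=True)
    return target


def external_tool_argv(report_dir, name):
    """When an external program really is needed, pass an argv list and keep
    shell=False (the subprocess default). Each element is one argument and
    nothing re-parses the string, so there is no shell to inject into."""
    if not is_valid_report_name(name):
        raise ValueError("refusing report name: %r" % name)
    return ["mkdir", "-p", os.path.join(report_dir, name)]


def run_external_tool(report_dir, name):
    """Execute the argv form without a shell and return the created path."""
    argv = external_tool_argv(report_dir, name)
    subprocess.run(argv, check=True)
    return argv[-1]


def demo(name):
    """Create `name` under a throwaway directory with the hardened function and
    report what actually landed on disk: the directory listing, and whether
    `name` survived as a single literal entry (no second command ran)."""
    scratch = tempfile.mkdtemp(prefix="crm-report-demo-")
    try:
        make_report_dir(scratch, name)
        entries = sorted(os.listdir(scratch))
        return {"entries": entries, "literal": entries == [name]}
    finally:
        shutil.rmtree(scratch, ignore_errors=True)


if __name__ == "__main__":
    SAMPLE = "node1; echo INJECTED"  # constructed input containing a shell separator
    print("shell string would be:", shell_command_unsafe("/tmp/reports", SAMPLE))
    print("hardened result:", demo(SAMPLE))
```

Running the module prints the command string the unsafe form would have handed to the shell next to the single, oddly named directory the hardened form produces; the two argv-based helpers show the equivalent pattern when an external binary cannot be avoided.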
Affected packages
Versions sourced from the GitHub Security Advisory.
| Package | Affected versions | Patched versions |
|---|---|---|
| crmsh (PyPI) | <= 4.2.1 | — |
Affected products
21 entries.
- ClusterLabs/crmsh (GHSA coordinates, 20 versions), range: <= 4.2.1. Package URLs:
  - pkg:pypi/crmsh
  - pkg:rpm/opensuse/crmsh&distro=openSUSE%20Leap%2015.1
  - pkg:rpm/opensuse/crmsh&distro=openSUSE%20Leap%2015.2
  - pkg:rpm/opensuse/crmsh&distro=openSUSE%20Leap%2015.3
  - pkg:rpm/opensuse/crmsh&distro=openSUSE%20Tumbleweed
  - pkg:rpm/opensuse/hawk2&distro=openSUSE%20Leap%2015.2
  - pkg:rpm/opensuse/hawk2&distro=openSUSE%20Tumbleweed
  - pkg:rpm/suse/crmsh&distro=SUSE%20Linux%20Enterprise%20High%20Availability%20Extension%2012%20SP3
  - pkg:rpm/suse/crmsh&distro=SUSE%20Linux%20Enterprise%20High%20Availability%20Extension%2012%20SP4
  - pkg:rpm/suse/crmsh&distro=SUSE%20Linux%20Enterprise%20High%20Availability%20Extension%2012%20SP5
  - pkg:rpm/suse/crmsh&distro=SUSE%20Linux%20Enterprise%20High%20Availability%20Extension%2015
  - pkg:rpm/suse/crmsh&distro=SUSE%20Linux%20Enterprise%20High%20Availability%20Extension%2015%20SP1
  - pkg:rpm/suse/crmsh&distro=SUSE%20Linux%20Enterprise%20High%20Availability%20Extension%2015%20SP2
  - pkg:rpm/suse/crmsh&distro=SUSE%20Linux%20Enterprise%20High%20Availability%20Extension%2015%20SP3
  - pkg:rpm/suse/hawk2&distro=SUSE%20Linux%20Enterprise%20High%20Availability%20Extension%2012%20SP3
  - pkg:rpm/suse/hawk2&distro=SUSE%20Linux%20Enterprise%20High%20Availability%20Extension%2012%20SP4
  - pkg:rpm/suse/hawk2&distro=SUSE%20Linux%20Enterprise%20High%20Availability%20Extension%2012%20SP5
  - pkg:rpm/suse/hawk2&distro=SUSE%20Linux%20Enterprise%20High%20Availability%20Extension%2015
  - pkg:rpm/suse/hawk2&distro=SUSE%20Linux%20Enterprise%20High%20Availability%20Extension%2015%20SP1
  - pkg:rpm/suse/hawk2&distro=SUSE%20Linux%20Enterprise%20High%20Availability%20Extension%2015%20SP2
- (no CPE) range: <= 4.2.1
- (no CPE) range: < 4.2.0+git.1607075079.a25648d8-lp151.2.45.1
- (no CPE) range: < 4.2.0+git.1607075079.a25648d8-lp152.4.39.1
- (no CPE) range: < 4.3.1+20210702.4e0ee8fb-5.59.1
- (no CPE) range: < 4.3.1+20210913.d7356663-1.2
- (no CPE) range: < 2.6.3+git.1614684118.af555ad9-lp152.2.18.1
- (no CPE) range: < 2.6.4+git.1682509819.1ff135ea-1.1
- (no CPE) range: < 3.0.4+git.1607490926.e492f845-13.56.1
- (no CPE) range: < 4.1.0+git.1607482714.9633b80d-2.50.1
- (no CPE) range: < 4.1.0+git.1607482714.9633b80d-2.50.1
- (no CPE) range: < 4.2.0+git.1607075079.a25648d8-3.56.1
- (no CPE) range: < 4.2.0+git.1607075079.a25648d8-3.51.1
- (no CPE) range: < 4.2.0+git.1607075079.a25648d8-5.32.1
- (no CPE) range: < 4.3.1+20210702.4e0ee8fb-5.59.1
- (no CPE) range: < 2.6.3+git.1614685906.812c31e9-2.42.1
- (no CPE) range: < 2.6.3+git.1614685906.812c31e9-3.30.1
- (no CPE) range: < 2.6.3+git.1614685906.812c31e9-3.30.1
- (no CPE) range: < 2.6.3+git.1614684118.af555ad9-3.27.1
- (no CPE) range: < 2.6.3+git.1614684118.af555ad9-3.27.1
- (no CPE) range: < 2.6.3+git.1614684118.af555ad9-3.27.1
Patches
No patches discovered yet.
Vulnerability mechanics
AI mechanics synthesis has not run for this CVE yet.
References
8 references.
- github.com/advisories/GHSA-99xx-83jm-h24m (ghsa; ADVISORY)
- nvd.nist.gov/vuln/detail/CVE-2020-35459 (ghsa; ADVISORY)
- www.openwall.com/lists/oss-security/2021/01/12/3 (ghsa; mailing-list, x_refsource_MLIST, WEB)
- bugzilla.suse.com/show_bug.cgi (ghsa; x_refsource_MISC, WEB)
- github.com/ClusterLabs/crmsh/blob/a403aa15f3ea575adfe5e43bf2a31c9f9094fcda/crmsh/history.py (ghsa; x_refsource_MISC, WEB)
- github.com/ClusterLabs/crmsh/releases (ghsa; x_refsource_MISC, WEB)
- lists.debian.org/debian-lts-announce/2021/01/msg00021.html (ghsa; mailing-list, x_refsource_MLIST, WEB)
- www.openwall.com/lists/oss-security/2021/01/12/3 (ghsa; x_refsource_CONFIRM, WEB)
News mentions
No linked articles in our index yet.