rpm package
opensuse/crmsh&distro=openSUSE Leap 15.2
pkg:rpm/opensuse/crmsh&distro=openSUSE%20Leap%2015.2
Vulnerabilities (2)
| CVE | Sev | CVSS | KEV | Affected versions | Fixed in | Published | Description |
|---|---|---|---|---|---|---|---|
| CVE-2021-3020 | — | < 4.3.0+20210305.9db5c9a8-lp152.4.47.1 | 4.3.0+20210305.9db5c9a8-lp152.4.47.1 | Aug 25, 2022 | An issue was discovered in ClusterLabs Hawk (aka HA Web Konsole) through 2.3.0-15. It ships the binary hawk_invoke (built from tools/hawk_invoke.c), intended to be used as a setuid program. This allows the hacluster user to invoke certain commands as root (with an attempt to limi | ||
| CVE-2020-35459 | — | < 4.2.0+git.1607075079.a25648d8-lp152.4.39.1 | 4.2.0+git.1607075079.a25648d8-lp152.4.39.1 | Jan 12, 2021 | An issue was discovered in ClusterLabs crmsh through 4.2.1. Local attackers able to call "crm history" (when "crm" is run) were able to execute commands via shell code injection to the crm history commandline, potentially allowing escalation of privileges. |
- CVE-2021-3020Aug 25, 2022affected < 4.3.0+20210305.9db5c9a8-lp152.4.47.1fixed 4.3.0+20210305.9db5c9a8-lp152.4.47.1
An issue was discovered in ClusterLabs Hawk (aka HA Web Konsole) through 2.3.0-15. It ships the binary hawk_invoke (built from tools/hawk_invoke.c), intended to be used as a setuid program. This allows the hacluster user to invoke certain commands as root (with an attempt to limi
- CVE-2020-35459Jan 12, 2021affected < 4.2.0+git.1607075079.a25648d8-lp152.4.39.1fixed 4.2.0+git.1607075079.a25648d8-lp152.4.39.1
An issue was discovered in ClusterLabs crmsh through 4.2.1. Local attackers able to call "crm history" (when "crm" is run) were able to execute commands via shell code injection to the crm history commandline, potentially allowing escalation of privileges.