rpm package
opensuse/hawk2&distro=openSUSE Leap 15.1
pkg:rpm/opensuse/hawk2&distro=openSUSE%20Leap%2015.1
Vulnerabilities (1)
| CVE | Sev | CVSS | KEV | Affected versions | Fixed in | Published | Description |
|---|---|---|---|---|---|---|---|
| CVE-2020-35458 | — | < 2.3.0+git.1603969748.10468582-lp151.2.18.1 | 2.3.0+git.1603969748.10468582-lp151.2.18.1 | Jan 12, 2021 | An issue was discovered in ClusterLabs Hawk 2.x through 2.3.0-x. There is a Ruby shell code injection issue via the hawk_remember_me_id parameter in the login_from_cookie cookie. The user logout routine could be used by unauthenticated remote attackers to execute code as hauser. |
- CVE-2020-35458Jan 12, 2021affected < 2.3.0+git.1603969748.10468582-lp151.2.18.1fixed 2.3.0+git.1603969748.10468582-lp151.2.18.1
An issue was discovered in ClusterLabs Hawk 2.x through 2.3.0-x. There is a Ruby shell code injection issue via the hawk_remember_me_id parameter in the login_from_cookie cookie. The user logout routine could be used by unauthenticated remote attackers to execute code as hauser.