rpm package
suse/crmsh&distro=SUSE Linux Enterprise High Availability Extension 15
pkg:rpm/suse/crmsh&distro=SUSE%20Linux%20Enterprise%20High%20Availability%20Extension%2015
Vulnerabilities (2)
| CVE | Sev | CVSS | KEV | Affected versions | Fixed in | Published | Description |
|---|---|---|---|---|---|---|---|
| CVE-2021-3020 | — | < 4.3.0+20210219.5d1bf034-3.62.3 | 4.3.0+20210219.5d1bf034-3.62.3 | Aug 25, 2022 | An issue was discovered in ClusterLabs Hawk (aka HA Web Konsole) through 2.3.0-15. It ships the binary hawk_invoke (built from tools/hawk_invoke.c), intended to be used as a setuid program. This allows the hacluster user to invoke certain commands as root (with an attempt to limi | ||
| CVE-2020-35459 | — | < 4.2.0+git.1607075079.a25648d8-3.56.1 | 4.2.0+git.1607075079.a25648d8-3.56.1 | Jan 12, 2021 | An issue was discovered in ClusterLabs crmsh through 4.2.1. Local attackers able to call "crm history" (when "crm" is run) were able to execute commands via shell code injection to the crm history commandline, potentially allowing escalation of privileges. |
- CVE-2021-3020Aug 25, 2022affected < 4.3.0+20210219.5d1bf034-3.62.3fixed 4.3.0+20210219.5d1bf034-3.62.3
An issue was discovered in ClusterLabs Hawk (aka HA Web Konsole) through 2.3.0-15. It ships the binary hawk_invoke (built from tools/hawk_invoke.c), intended to be used as a setuid program. This allows the hacluster user to invoke certain commands as root (with an attempt to limi
- CVE-2020-35459Jan 12, 2021affected < 4.2.0+git.1607075079.a25648d8-3.56.1fixed 4.2.0+git.1607075079.a25648d8-3.56.1
An issue was discovered in ClusterLabs crmsh through 4.2.1. Local attackers able to call "crm history" (when "crm" is run) were able to execute commands via shell code injection to the crm history commandline, potentially allowing escalation of privileges.