VYPR

hawk

by Clusterlabs

CVEs (2)

  • CVE-2020-35458CriJan 12, 2021
    risk 0.64cvss 9.8epss 0.05

    An issue was discovered in ClusterLabs Hawk 2.x through 2.3.0-x. There is a Ruby shell code injection issue via the hawk_remember_me_id parameter in the login_from_cookie cookie. The user logout routine could be used by unauthenticated remote attackers to execute code as hauser.

  • CVE-2021-3020HigAug 26, 2022
    risk 0.00cvss 8.8epss 0.01

    An issue was discovered in ClusterLabs Hawk (aka HA Web Konsole) through 2.3.0-15. It ships the binary hawk_invoke (built from tools/hawk_invoke.c), intended to be used as a setuid program. This allows the hacluster user to invoke certain commands as root (with an attempt to…