Pacemaker · Pacemaker · CVE-2010-2496
**Name of the Vulnerable Software and Affected Versions**
pacemaker versions prior to 1.1.3
cluster-glue versions prior to 1.0.6
**Description**
The issue allows local attackers to gain access to passwords of the HA stack and potentially influence its operations by passing passwords as command-line parameters in stonith-ng in pacemaker and cluster-glue.
**Recommendations**
For pacemaker versions prior to 1.1.3, update to version 1.1.3 or newer.
For cluster-glue versions prior to 1.0.6, update to version 1.0.6 or newer.