Vincent Berg

**Name of the Vulnerable Software and Affected Versions** ClusterLabs Hawk versions 2.x through 2.3.0-x **Description** The issue exists due to the lack of neutralization of special elements used in the operating system command. This allows a remote attacker to execute arbitrary code. Specifically, there is a Ruby shell code injection issue via the `hawk remember me id` parameter in the `login from cookie` cookie. The user logout routine can be used by unauthenticated remote attackers to execute code as hauser. **Recommendations** For versions 2.x through 2.3.0-x, consider disabling the `hawk remember me id` parameter in the `login from cookie` cookie as a temporary workaround to minimize the risk of exploitation. Restrict access to the user logout routine to prevent unauthenticated remote attackers from executing code as hauser.

**Name of the Vulnerable Software and Affected Versions** ClusterLabs crmsh versions 4.2.1 and earlier **Description** The issue allows local attackers to execute commands via shell code injection to the `crm history` command line, potentially allowing escalation of privileges. This is related to a lack of privilege management mechanism in the cluster management shell. Exploitation of the issue could allow an attacker to access confidential data, compromise its integrity, and cause a denial of service. **Recommendations** For versions 4.2.1 and earlier, as a temporary workaround, consider restricting access to the `crm history` command until a patch is available. Avoid using the `crm history` command with untrusted input to minimize the risk of exploitation. At the moment, there is no information about a newer version that contains a fix for this vulnerability.