PT-2020-6222 · Pacemaker+7

Huzaifa Sidhpurwala · Published 2019-12-20 · Updated 2023-09-29 · CVE-2020-25654

CVSS v2.0

9.0 High

Vector: AV:N/AC:L/Au:S/C:C/I:C/A:C

Name of the Vulnerable Software and Affected Versions

Pacemaker versions prior to 1.1.24-rc1
Pacemaker versions prior to 2.0.5-rc2

Description

The issue is an ACL bypass flaw in Pacemaker. It could allow an attacker who has a local account on the cluster and is in the haclient group to use IPC communication with various daemons directly, performing tasks that ACLs would prevent if the requests went through the configuration. This could potentially lead to unauthorized access to confidential information or cause a denial of service.

Recommendations

For Pacemaker versions prior to 1.1.24-rc1, update to version 1.1.24-rc1 or later to resolve the issue.
For Pacemaker versions prior to 2.0.5-rc2, update to version 2.0.5-rc2 or later to resolve the issue.
As a temporary workaround, consider restricting access to the haclient group and limiting IPC communication with daemons to minimize the risk of exploitation.

Fix

Weakness Enumeration

Improper Access Control

Related Identifiers

ALSA-2020:5487
ALT-PU-2019-3344
ALT-PU-2020-2041
ALT-PU-2021-2319
ALT-PU-2021-2323
ALT-PU-2021-2347
ALT-PU-2021-2367
BDU:2021-03617
CESA-2020_5453
CESA-2020_5487
CVE-2020-25654
DLA-2447-1
DLA-2447-2
DLA-2519-1
DSA-4791-1
MGASA-2020-0409
OESA-2022-1900
OESA-2022-1901
OPENSUSE-SU-2020:1782-1
OPENSUSE-SU-2020:1825-1
OPENSUSE-SU-2020_1782-1
OPENSUSE-SU-2020_1825-1
OPENSUSE-SU-2024:11138-1
RHSA-2020:5423
RHSA-2020:5453
RHSA-2020:5487
RHSA-2020_5453
RHSA-2020_5487
SUSE-SU-2020:3054-1
SUSE-SU-2020:3073-1
SUSE-SU-2020:3080-1
SUSE-SU-2020:3086-1
SUSE-SU-2020:3089-1
SUSE-SU-2020:3094-1
SUSE-SU-2020_3054-1
SUSE-SU-2020_3073-1
SUSE-SU-2020_3080-1
SUSE-SU-2020_3086-1
SUSE-SU-2020_3089-1
SUSE-SU-2020_3094-1
USN-4623-1

Affected Products

ALT Linux
AlmaLinux
CentOS
Linux Mint
Pacemaker
Red Hat
SUSE
Ubuntu