PT-2021-8335 · Pacemaker+1 · Pacemaker+1

Lars Marowsky-Bree

Published

2021-10-18

Updated

2021-10-21

CVE-2010-2496

CVSS v3.1

5.5

Medium

Vector

AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:N/A:N

Name of the Vulnerable Software and Affected Versions pacemaker versions prior to 1.1.3 cluster-glue versions prior to 1.0.6

Description The issue allows local attackers to gain access to passwords of the HA stack and potentially influence its operations by passing passwords as command-line parameters in stonith-ng in pacemaker and cluster-glue.

Recommendations For pacemaker versions prior to 1.1.3, update to version 1.1.3 or newer. For cluster-glue versions prior to 1.0.6, update to version 1.0.6 or newer.

Fix

Improper Authentication

Found an issue in the description? Have something to add? Feel free to write us 👾

dbugs@ptsecurity.com

Weakness Enumeration

CWE-287

Related Identifiers

CVE-2010-2496

OPENSUSE-SU-2024:10507-1

Affected Products

Cluster-Glue

Pacemaker

PT-2021-8335 · Pacemaker+1 · Pacemaker+1

CVE-2010-2496

Weakness Enumeration

Related Identifiers

Affected Products

References · 12