PT-2023-21162 · Xcat · Xcat

Author: Dr. Stefan Albensoeder · Published: 2023-03-08 · Updated: 2023-03-15

CVE: CVE-2023-27486
CVSS v3.1: 8.1 (High)
Vector: AV:N/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:N
Name of the Vulnerable Software and Affected Versions: xCAT versions prior to 2.16.5

Description: xCAT is a toolkit for deploying and administering computer clusters. When zones are configured as a mechanism to secure clusters in xCAT, a local root user on one node can obtain the credentials needed to SSH to any node in any zone, except the management node of the default zone. xCAT zones are not enabled by default, so only deployments that use the optional zone feature are affected.

Recommendations: For xCAT versions prior to 2.16.5, upgrade to version 2.16.5 to resolve the issue. As a temporary workaround for users who cannot upgrade, consider disabling zones or patching the management node with the fix contained in commit 85149c37f49.

Weakness Enumeration

Incorrect Authorization

Related Identifiers

CVE-2023-27486
GHSA-HPXG-7428-6JVV

Affected Products

Xcat