A flaw was found in the Pacemaker configuration tool (pcs). The pcs daemon was allowing expired accounts, and accounts with expired passwords to login when using PAM authentication. Therefore, unprivileged expired accounts that have been denied access could still login.
References
Link | Resource |
---|---|
https://huntr.dev/bounties/7aa921fc-a568-4fd8-96f4-7cd826246aa5 | Exploit Third Party Advisory |
https://lists.debian.org/debian-lts-announce/2022/09/msg00017.html | Mailing List Third Party Advisory |
https://www.debian.org/security/2022/dsa-5226 | Third Party Advisory |
Configurations
History
12 Feb 2023, 22:15
Type | Values Removed | Values Added |
---|---|---|
References |
|
|
Summary | A flaw was found in the Pacemaker configuration tool (pcs). The pcs daemon was allowing expired accounts, and accounts with expired passwords to login when using PAM authentication. Therefore, unprivileged expired accounts that have been denied access could still login. |
02 Feb 2023, 21:22
Type | Values Removed | Values Added |
---|---|---|
Summary | A flaw was found in the Pacemaker configuration tool (pcs). The pcs daemon allowed expired accounts and accounts with expired passwords to log in when using PAM authentication. Unprivileged, expired accounts with previously denied access could still log in. | |
References |
|
27 Oct 2022, 16:11
Type | Values Removed | Values Added |
---|---|---|
First Time |
Debian debian Linux
Debian |
|
CPE | cpe:2.3:o:debian:debian_linux:10.0:*:*:*:*:*:*:* cpe:2.3:o:debian:debian_linux:11.0:*:*:*:*:*:*:* |
|
References | (MLIST) https://lists.debian.org/debian-lts-announce/2022/09/msg00017.html - Mailing List, Third Party Advisory | |
References | (DEBIAN) https://www.debian.org/security/2022/dsa-5226 - Third Party Advisory |
15 Sep 2022, 00:15
Type | Values Removed | Values Added |
---|---|---|
References |
|
07 Sep 2022, 04:15
Type | Values Removed | Values Added |
---|---|---|
References |
|
31 Mar 2022, 14:59
Type | Values Removed | Values Added |
---|---|---|
References | (MISC) https://huntr.dev/bounties/7aa921fc-a568-4fd8-96f4-7cd826246aa5 - Exploit, Third Party Advisory | |
CPE | cpe:2.3:a:clusterlabs:pcs:*:*:*:*:*:*:*:* | |
CVSS |
v2 : v3 : |
v2 : 6.5
v3 : 8.8 |
CWE | CWE-287 | |
First Time |
Clusterlabs
Clusterlabs pcs |
25 Mar 2022, 19:44
Type | Values Removed | Values Added |
---|---|---|
New CVE |
Information
Published : 2022-03-25 19:15
Updated : 2023-12-14 21:40
NVD link : CVE-2022-1049
Mitre link : CVE-2022-1049
CVE.ORG link : CVE-2022-1049
JSON object : View
Products Affected
debian
- debian_linux
clusterlabs
- pcs
CWE
CWE-287
Improper Authentication