Vulnerability Description
stonith-ng in pacemaker and cluster-glue passed passwords as command-line parameters, making it possible for local attackers to gain access to passwords of the HA stack and potentially influence its operations. This is fixed in cluster-glue 1.0.6 and newer, and pacemaker 1.1.3 and newer.
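To check a node for the exposure class described above (a secret visible in a process's argument list), the following audit sketch parses `/proc/<pid>/cmdline` buffers and reports argv entries that carry credential-like values, with the values masked. It is an added example, not code from pacemaker or cluster-glue; the argument-name pattern, the `/opt/example/fence-agent` path and the sample command line are constructed assumptions.

```python
import re
from pathlib import Path

# Argument names that suggest a credential (assumed list; extend locally).
SECRET_KEY = re.compile(r"(^|[_.-])(pass(word|wd)?|secret|token)$", re.I)

# Constructed sample of a /proc/<pid>/cmdline buffer, not a real agent call.
SAMPLE = b"/opt/example/fence-agent\0hostname=node2\0userid=admin\0passwd=S3cr3t!\0"

def parse_cmdline(raw):
    """Split a NUL-separated /proc/<pid>/cmdline buffer into argv."""
    return [a.decode("utf-8", "replace") for a in raw.split(b"\0") if a]

def exposed_args(argv):
    """Return (index, kept_prefix) for each argv entry holding a secret."""
    hits = []
    for i, arg in enumerate(argv):
        key, sep, value = arg.partition("=")
        if not SECRET_KEY.search(key.lstrip("-")):
            continue
        if sep and value:                      # passwd=X or --password=X
            hits.append((i, key + "="))
        elif not sep and arg.startswith("-") and i + 1 < len(argv) \
                and not argv[i + 1].startswith("-"):
            hits.append((i + 1, ""))           # --password X
    return hits

def redact(argv):
    """Copy argv with every detected secret value masked."""
    out = list(argv)
    for i, prefix in exposed_args(argv):
        out[i] = prefix + "<redacted>"
    return out

def scan_proc(root="/proc"):
    """Yield (pid, redacted argv) for processes exposing a secret in argv."""
    for path in Path(root).glob("[0-9]*/cmdline"):
        try:
            argv = parse_cmdline(path.read_bytes())
        except OSError:                        # exited or not readable
            continue
        if exposed_args(argv):
            yield int(path.parent.name), redact(argv)

if __name__ == "__main__":
    print(redact(parse_cmdline(SAMPLE)))
    for pid, argv in scan_proc():
        print(pid, " ".join(argv))
```

Run it as root on a cluster node to cover every process; any hit on an unpatched version means the credential should be rotated after upgrading.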
CVSS Score
MEDIUM
Affected Products
| Vendor | Product | Versions |
|---|---|---|
| Clusterlabs | Cluster Glue | < 1.0.6 |
| Clusterlabs | Pacemaker | < 1.1.3 |
References
- https://bugzilla.suse.com/show_bug.cgi?id=CVE-2010-2496 (Issue Tracking, Mailing List, Patch)
FAQ
What is CVE-2010-2496?
CVE-2010-2496 is a vulnerability with a CVSS score of 5.5 (MEDIUM). stonith-ng in pacemaker and cluster-glue passed passwords as command-line parameters, making it possible for local attackers to gain access to passwords of the HA stack and potentially influence its op...
How severe is CVE-2010-2496?
CVE-2010-2496 has been rated MEDIUM with a CVSS base score of 5.5/10. Review the CVSS metrics above for a detailed severity breakdown.
Is there a patch for CVE-2010-2496?
Check the references section above for vendor advisories and patch information. Affected products include: Clusterlabs Cluster Glue, Clusterlabs Pacemaker.