Vulnerability Description
A flaw was found in the Pacemaker configuration tool (pcs). The pcs daemon was allowing expired accounts, and accounts with expired passwords to login when using PAM authentication. Therefore, unprivileged expired accounts that have been denied access could still login.
CVSS Score
HIGH
Affected Products
| Vendor | Product | Versions |
|---|---|---|
| Clusterlabs | Pcs | <= 0.11.2 |
| Debian | Debian Linux | 10.0 |
Related Weaknesses (CWE)
References
- https://huntr.dev/bounties/7aa921fc-a568-4fd8-96f4-7cd826246aa5ExploitThird Party Advisory
- https://lists.debian.org/debian-lts-announce/2022/09/msg00017.htmlMailing ListThird Party Advisory
- https://www.debian.org/security/2022/dsa-5226Third Party Advisory
- https://huntr.dev/bounties/7aa921fc-a568-4fd8-96f4-7cd826246aa5ExploitThird Party Advisory
- https://lists.debian.org/debian-lts-announce/2022/09/msg00017.htmlMailing ListThird Party Advisory
- https://www.debian.org/security/2022/dsa-5226Third Party Advisory
FAQ
What is CVE-2022-1049?
CVE-2022-1049 is a vulnerability with a CVSS score of 8.8 (HIGH). A flaw was found in the Pacemaker configuration tool (pcs). The pcs daemon was allowing expired accounts, and accounts with expired passwords to login when using PAM authentication. Therefore, unprivi...
How severe is CVE-2022-1049?
CVE-2022-1049 has been rated HIGH with a CVSS base score of 8.8/10. Review the CVSS metrics above for detailed severity breakdown.
Is there a patch for CVE-2022-1049?
Check the references section above for vendor advisories and patch information. Affected products include: Clusterlabs Pcs, Debian Debian Linux.