{"api_version":"1","generated_at":"2026-04-23T04:33:05+00:00","cve":"CVE-2020-35459","urls":{"html":"https://cve.report/CVE-2020-35459","api":"https://cve.report/api/cve/CVE-2020-35459.json","docs":"https://cve.report/api","cve_org":"https://www.cve.org/CVERecord?id=CVE-2020-35459","nvd":"https://nvd.nist.gov/vuln/detail/CVE-2020-35459"},"summary":{"title":"CVE-2020-35459","description":"An issue was discovered in ClusterLabs crmsh through 4.2.1. Local attackers able to call \"crm history\" (when \"crm\" is run) were able to execute commands via shell code injection to the crm history commandline, potentially allowing escalation of privileges.","state":"PUBLIC","assigner":"cve@mitre.org","published_at":"2021-01-12 15:15:00","updated_at":"2021-07-21 11:39:00"},"problem_types":["CWE-78"],"metrics":[],"references":[{"url":"https://www.openwall.com/lists/oss-security/2021/01/12/3","name":"https://www.openwall.com/lists/oss-security/2021/01/12/3","refsource":"CONFIRM","tags":["Exploit","Mailing List","Third Party Advisory"],"title":"oss-security - Security issues in hawk2 and crmsh","mime":"text/html","httpstatus":"200","archivestatus":"200"},{"url":"https://github.com/ClusterLabs/crmsh/releases","name":"https://github.com/ClusterLabs/crmsh/releases","refsource":"MISC","tags":["Release Notes","Third Party Advisory"],"title":"Releases · ClusterLabs/crmsh · GitHub","mime":"text/html","httpstatus":"200","archivestatus":"200"},{"url":"http://www.openwall.com/lists/oss-security/2021/01/12/3","name":"[oss-security] 20210112 Security issues in hawk2 and crmsh","refsource":"MLIST","tags":["Mailing List","Patch","Third Party Advisory"],"title":"oss-security - Security issues in hawk2 and crmsh","mime":"text/html","httpstatus":"200","archivestatus":"200"},{"url":"https://bugzilla.suse.com/show_bug.cgi?id=1179999","name":"https://bugzilla.suse.com/show_bug.cgi?id=1179999","refsource":"MISC","tags":["Issue Tracking","Third Party Advisory"],"title":"Bug 1179999 – VUL-0: CVE-2020-35459: crmsh: Root privilege escalation via hawk_invoke and crmsh","mime":"text/html","httpstatus":"200","archivestatus":"404"},{"url":"https://lists.debian.org/debian-lts-announce/2021/01/msg00021.html","name":"[debian-lts-announce] 20210125 [SECURITY] [DLA 2533-1] crmsh security update","refsource":"MLIST","tags":["Mailing List","Third Party Advisory"],"title":"[SECURITY] [DLA 2533-1] crmsh security update","mime":"text/html","httpstatus":"200","archivestatus":"200"},{"url":"https://github.com/ClusterLabs/crmsh/blob/a403aa15f3ea575adfe5e43bf2a31c9f9094fcda/crmsh/history.py#L476","name":"https://github.com/ClusterLabs/crmsh/blob/a403aa15f3ea575adfe5e43bf2a31c9f9094fcda/crmsh/history.py#L476","refsource":"MISC","tags":["Patch","Third Party Advisory"],"title":"crmsh/history.py at a403aa15f3ea575adfe5e43bf2a31c9f9094fcda · ClusterLabs/crmsh · GitHub","mime":"text/html","httpstatus":"200","archivestatus":"404"},{"url":"https://www.cve.org/CVERecord?id=CVE-2020-35459","name":"CVE Program record","refsource":"CVE.ORG","tags":["canonical"]},{"url":"https://nvd.nist.gov/vuln/detail/CVE-2020-35459","name":"NVD vulnerability detail","refsource":"NVD","tags":["canonical","analysis"]}],"affected":[],"timeline":[],"solutions":[],"workarounds":[],"exploits":[],"credits":[],"nvd_cpes":[{"cve_year":"2020","cve_id":"35459","vulnerable":"1","versionEndIncluding":"4.2.1","cpe1":"cpe","cpe2":"2.3","cpe3":"a","cpe4":"clusterlabs","cpe5":"crmsh","cpe6":"*","cpe7":"*","cpe8":"*","cpe9":"*","cpe10":"*","cpe11":"*","cpe12":"*","cpe13":"*"},{"cve_year":"2020","cve_id":"35459","vulnerable":"1","versionEndIncluding":"","cpe1":"cpe","cpe2":"2.3","cpe3":"o","cpe4":"debian","cpe5":"debian_linux","cpe6":"9.0","cpe7":"*","cpe8":"*","cpe9":"*","cpe10":"*","cpe11":"*","cpe12":"*","cpe13":"*"},{"cve_year":"2020","cve_id":"35459","vulnerable":"1","versionEndIncluding":"1","cpe1":"cpe","cpe2":"2.3","cpe3":"o","cpe4":"debian","cpe5":"debian_linux","cpe6":"9.0","cpe7":"*","cpe8":"*","cpe9":"*","cpe10":"*","cpe11":"*","cpe12":"*","cpe13":"*"}],"vendor_comments":[],"enrichments":{"kev":null,"epss":null,"legacy_qids":[{"cve":"CVE-2020-35459","qid":"200227","title":"Ubuntu Security Notification for CRM shell Vulnerability (USN-6711-1)"},{"cve":"CVE-2020-35459","qid":"750296","title":"OpenSUSE Security Update for hawk2 (openSUSE-SU-2021:0473-1)"},{"cve":"CVE-2020-35459","qid":"750318","title":"OpenSUSE Security Update for crmsh (openSUSE-SU-2021:0410-1)"},{"cve":"CVE-2020-35459","qid":"750423","title":"OpenSUSE Security Update for crmsh (openSUSE-SU-2021:0073-1)"},{"cve":"CVE-2020-35459","qid":"750437","title":"OpenSUSE Security Update for crmsh (openSUSE-SU-2021:0055-1)"},{"cve":"CVE-2020-35459","qid":"750878","title":"OpenSUSE Security Update for crmsh (openSUSE-SU-2021:2435-1)"},{"cve":"CVE-2020-35459","qid":"750890","title":"OpenSUSE Security Update for crmsh (openSUSE-SU-2021:1087-1)"}]},"source_records":{"cve_program":{"CVE_data_meta":{"ASSIGNER":"cve@mitre.org","ID":"CVE-2020-35459","STATE":"PUBLIC"},"affects":{"vendor":{"vendor_data":[{"product":{"product_data":[{"product_name":"n/a","version":{"version_data":[{"version_value":"n/a"}]}}]},"vendor_name":"n/a"}]}},"data_format":"MITRE","data_type":"CVE","data_version":"4.0","description":{"description_data":[{"lang":"eng","value":"An issue was discovered in ClusterLabs crmsh through 4.2.1. Local attackers able to call \"crm history\" (when \"crm\" is run) were able to execute commands via shell code injection to the crm history commandline, potentially allowing escalation of privileges."}]},"problemtype":{"problemtype_data":[{"description":[{"lang":"eng","value":"n/a"}]}]},"references":{"reference_data":[{"url":"https://bugzilla.suse.com/show_bug.cgi?id=1179999","refsource":"MISC","name":"https://bugzilla.suse.com/show_bug.cgi?id=1179999"},{"url":"https://github.com/ClusterLabs/crmsh/releases","refsource":"MISC","name":"https://github.com/ClusterLabs/crmsh/releases"},{"refsource":"CONFIRM","name":"https://www.openwall.com/lists/oss-security/2021/01/12/3","url":"https://www.openwall.com/lists/oss-security/2021/01/12/3"},{"refsource":"MISC","name":"https://github.com/ClusterLabs/crmsh/blob/a403aa15f3ea575adfe5e43bf2a31c9f9094fcda/crmsh/history.py#L476","url":"https://github.com/ClusterLabs/crmsh/blob/a403aa15f3ea575adfe5e43bf2a31c9f9094fcda/crmsh/history.py#L476"},{"refsource":"MLIST","name":"[oss-security] 20210112 Security issues in hawk2 and crmsh","url":"http://www.openwall.com/lists/oss-security/2021/01/12/3"},{"refsource":"MLIST","name":"[debian-lts-announce] 20210125 [SECURITY] [DLA 2533-1] crmsh security update","url":"https://lists.debian.org/debian-lts-announce/2021/01/msg00021.html"}]}},"nvd":{"publishedDate":"2021-01-12 15:15:00","lastModifiedDate":"2021-07-21 11:39:00","problem_types":["CWE-78"],"metrics":{"baseMetricV3":{"cvssV3":{"version":"3.1","vectorString":"CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H","attackVector":"LOCAL","attackComplexity":"LOW","privilegesRequired":"LOW","userInteraction":"NONE","scope":"UNCHANGED","confidentialityImpact":"HIGH","integrityImpact":"HIGH","availabilityImpact":"HIGH","baseScore":7.8,"baseSeverity":"HIGH"},"exploitabilityScore":1.8,"impactScore":5.9},"baseMetricV2":{"cvssV2":{"version":"2.0","vectorString":"AV:L/AC:L/Au:N/C:C/I:C/A:C","accessVector":"LOCAL","accessComplexity":"LOW","authentication":"NONE","confidentialityImpact":"COMPLETE","integrityImpact":"COMPLETE","availabilityImpact":"COMPLETE","baseScore":7.2},"severity":"HIGH","exploitabilityScore":3.9,"impactScore":10,"acInsufInfo":false,"obtainAllPrivilege":false,"obtainUserPrivilege":false,"obtainOtherPrivilege":false,"userInteractionRequired":false}},"configurations":{"CVE_data_version":"4.0","nodes":[{"operator":"OR","children":[],"cpe_match":[{"vulnerable":true,"cpe23Uri":"cpe:2.3:a:clusterlabs:crmsh:*:*:*:*:*:*:*:*","versionEndIncluding":"4.2.1","cpe_name":[]}]},{"operator":"OR","children":[],"cpe_match":[{"vulnerable":true,"cpe23Uri":"cpe:2.3:o:debian:debian_linux:9.0:*:*:*:*:*:*:*","cpe_name":[]}]}]}},"legacy_mitre":{"record":{"CveYear":"2020","CveId":"35459","Ordinal":"193959","Title":"CVE-2020-35459","CVE":"CVE-2020-35459","Year":"2020"},"notes":[{"CveYear":"2020","CveId":"35459","Ordinal":"1","NoteData":"An issue was discovered in ClusterLabs crmsh through 4.2.1. Local attackers able to call \"crm history\" (when \"crm\" is run) were able to execute commands via shell code injection to the crm history commandline, potentially allowing escalation of privileges.","Type":"Description","Title":null},{"CveYear":"2020","CveId":"35459","Ordinal":"2","NoteData":"2021-01-12","Type":"Other","Title":"Published"},{"CveYear":"2020","CveId":"35459","Ordinal":"3","NoteData":"2021-01-25","Type":"Other","Title":"Modified"}]}}}