Known Vulnerabilities for products from Clusterlabs
Listed below are 20 of the newest known vulnerabilities associated with the vendor "Clusterlabs".
These CVEs are retrieved based on exact matches on listed vendor information (CPE data) as well as a keyword search to ensure the newest vulnerabilities with no officially listed vendor information are still displayed.
Data on known vulnerable products is also displayed based on information from known CPEs; each product links to its respective vulnerability page.
Known Vulnerabilities
| CVE | Shortened Description | Severity | Publish Date | Last Modified |
|---|---|---|---|---|
| CVE-2021-3020 | ** RESERVED ** This candidate has been reserved by an organization or individual that will use it when announcing a new secur... | 8.8 - HIGH | 2022-08-26 | 2023-08-08 |
| CVE-2020-35459 | An issue was discovered in ClusterLabs crmsh through 4.2.1. Local attackers able to call "crm history" (when "crm" is run) we... | 7.8 - HIGH | 2021-01-12 | 2021-07-21 |
| CVE-2020-35458 | An issue was discovered in ClusterLabs Hawk 2.x through 2.3.0-x. There is a Ruby shell code injection issue via the hawk_reme... | 9.8 - CRITICAL | 2021-01-12 | 2021-07-21 |
| CVE-2020-25654 | An ACL bypass flaw was found in pacemaker. An attacker having a local account on the cluster and in the haclient group could ... | 7.2 - HIGH | 2020-11-24 | 2023-09-29 |
| CVE-2019-12779 | libqb before 1.0.5 allows local users to overwrite arbitrary files via a symlink attack, because it uses predictable filename... | 7.1 - HIGH | 2019-06-07 | 2021-07-03 |
| CVE-2019-10153 | A flaw was discovered in fence-agents, prior to version 4.3.4, where using non-ASCII characters in a guest VM's comment or ot... | 5 - MEDIUM | 2019-07-30 | 2023-02-02 |
| CVE-2019-3885 | A use-after-free flaw was found in pacemaker up to and including version 2.0.1 which could result in certain sensitive inform... | 7.5 - HIGH | 2019-04-18 | 2023-11-07 |
| CVE-2018-16878 | A flaw was found in pacemaker up to and including version 2.0.1. An insufficient verification inflicted preference of uncontr... | 5.5 - MEDIUM | 2019-04-18 | 2023-11-07 |
| CVE-2018-16877 | A flaw was found in the way pacemaker's client-server authentication was implemented in versions up to and including 2.0.0. A... | 7.8 - HIGH | 2019-04-18 | 2023-11-07 |
| CVE-2018-1086 | pcs before versions 0.9.164 and 0.10 is vulnerable to a debug parameter removal bypass. REST interface of the pcsd service di... | 7.5 - HIGH | 2018-04-12 | 2019-10-09 |
| CVE-2018-1079 | pcs before version 0.9.164 and 0.10 is vulnerable to a privilege escalation via authorized user malicious REST call. The REST... | 6.5 - MEDIUM | 2018-04-12 | 2019-10-09 |
| CVE-2017-2661 | ClusterLabs pcs before version 0.9.157 is vulnerable to a cross-site scripting vulnerability due to improper validation of No... | 6.1 - MEDIUM | 2018-03-12 | 2019-10-09 |
| CVE-2016-7797 | Pacemaker before 1.1.15, when using pacemaker remote, might allow remote attackers to cause a denial of service (node disconn... | 7.5 - HIGH | 2017-03-24 | 2018-10-30 |
| CVE-2016-7035 | An authorization flaw was found in Pacemaker before 1.1.16, where it did not properly guard its IPC interface. An attacker wi... | 7.8 - HIGH | 2018-09-10 | 2023-11-07 |
| CVE-2016-0721 | Session fixation vulnerability in pcsd in pcs before 0.9.157. | 8.1 - HIGH | 2017-04-21 | 2023-02-12 |
| CVE-2016-0720 | Cross-site request forgery (CSRF) vulnerability in pcsd web UI in pcs before 0.9.149. | 8.8 - HIGH | 2017-04-21 | 2023-02-12 |
| CVE-2015-1867 | Pacemaker before 1.1.13 does not properly evaluate added nodes, which allows remote read-only users to gain privileges via an... | 7.5 - HIGH | 2015-08-12 | 2023-02-12 |
| CVE-2014-0104 | fence-agents before 4.0.17 does not verify remote SSL certificates in the fence_cisco_ucs.py script which can potentially ... | 5.9 - MEDIUM | 2020-01-02 | 2020-01-10 |
| CVE-2013-0281 | Pacemaker 1.1.10, when remote Cluster Information Base (CIB) configuration or resource management is enabled, does not limit ... | 4.3 - MEDIUM | 2013-11-23 | 2019-04-22 |
| CVE-2011-5271 | Pacemaker before 1.1.6 configure script creates temporary files insecurely | 5.5 - MEDIUM | 2019-11-12 | 2019-11-14 |
Known software with vulnerabilities from Clusterlabs
| Type | Vendor | Product | Version |
|---|---|---|---|
| Application | Clusterlabs | Crmsh | 1.2.0 |
| Application | Clusterlabs | Fence-agents | - |
| Application | Clusterlabs | Hawk | 0.1.1 |
| Application | Clusterlabs | Libqb | 0.1.0 |
| Application | Clusterlabs | Pacemaker | 0.6.0 |
| Application | Clusterlabs | Pacemaker Command Line Interface | 0.9.2 |
| Application | Clusterlabs | Pcs | 0.9.2 |