Back to search
CVE-2022-1049
Published: Mar 25, 2022
Modified: Aug 2, 2024
PUBLISHED
Description
A flaw was found in the Pacemaker configuration tool (pcs). The pcs daemon was allowing expired accounts, and accounts with expired passwords to login when using PAM authentication. Therefore, unprivileged expired accounts that have been denied access could still login.
| Vendor | Product | Versions |
|---|---|---|
n/a | clusterlabs/pcs | affected pcs versions <= v0.11.2 |
Weaknesses (CWE)
References
https://huntr.dev/bounties/7aa921fc-a568-4fd8-96f4-7cd826246aa5
x_refsource_MISC
DSA-5226
vendor-advisory
x_refsource_DEBIAN
[debian-lts-announce] 20220914 [SECURITY] [DLA 3108-1] pcs security update
mailing-list
x_refsource_MLIST
Security Training
Train your team to recognize and prevent security threats with our comprehensive security awareness program.
Start TrainingVulnerability Scanning
Discover vulnerabilities in your applications and infrastructure before attackers do.
Scan Now