CVE-2010-2496

{"id": "CVE-2010-2496", "metrics": {"cvssMetricV2": [{"type": "Primary", "source": "nvd@nist.gov", "cvssData": {"version": "2.0", "baseScore": 2.1, "accessVector": "LOCAL", "vectorString": "AV:L/AC:L/Au:N/C:P/I:N/A:N", "authentication": "NONE", "integrityImpact": "NONE", "accessComplexity": "LOW", "availabilityImpact": "NONE", "confidentialityImpact": "PARTIAL"}, "acInsufInfo": false, "impactScore": 2.9, "baseSeverity": "LOW", "obtainAllPrivilege": false, "exploitabilityScore": 3.9, "obtainUserPrivilege": false, "obtainOtherPrivilege": false, "userInteractionRequired": false}], "cvssMetricV31": [{"type": "Primary", "source": "nvd@nist.gov", "cvssData": {"scope": "UNCHANGED", "version": "3.1", "baseScore": 5.5, "attackVector": "LOCAL", "baseSeverity": "MEDIUM", "vectorString": "CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:N/A:N", "integrityImpact": "NONE", "userInteraction": "NONE", "attackComplexity": "LOW", "availabilityImpact": "NONE", "privilegesRequired": "LOW", "confidentialityImpact": "HIGH"}, "impactScore": 3.6, "exploitabilityScore": 1.8}]}, "published": "2021-10-18T13:15:08.927", "references": [{"url": "https://bugzilla.suse.com/show_bug.cgi?id=CVE-2010-2496", "tags": ["Issue Tracking", "Mailing List", "Patch", "Third Party Advisory"], "source": "secalert@redhat.com"}, {"url": "https://bugzilla.suse.com/show_bug.cgi?id=CVE-2010-2496", "tags": ["Issue Tracking", "Mailing List", "Patch", "Third Party Advisory"], "source": "af854a3a-2127-422b-91ae-364da2661108"}], "vulnStatus": "Modified", "weaknesses": [{"type": "Primary", "source": "nvd@nist.gov", "description": [{"lang": "en", "value": "CWE-287"}]}], "descriptions": [{"lang": "en", "value": "stonith-ng in pacemaker and cluster-glue passed passwords as commandline parameters, making it possible for local attackers to gain access to passwords of the HA stack and potentially influence its operations. This is fixed in cluster-glue 1.0.6 and newer, and pacemaker 1.1.3 and newer."}, {"lang": "es", "value": "stonith-ng en pacemaker y cluster-glue pasaba contrase\u00f1as como par\u00e1metros de l\u00ednea de comandos, que hac\u00eda posible que los atacantes locales obtuvieran acceso a las contrase\u00f1as de la pila de HA e influyeran potencialmente en sus operaciones. Esto se ha corregido en cluster-glue versiones 1.0.6 y posteriores, y en pacemaker versiones 1.1.3 y posteriores"}], "lastModified": "2024-11-21T01:16:46.440", "configurations": [{"nodes": [{"negate": false, "cpeMatch": [{"criteria": "cpe:2.3:a:clusterlabs:cluster_glue:*:*:*:*:*:*:*:*", "vulnerable": true, "matchCriteriaId": "BF76BDD3-89ED-48EB-ABD3-01B176FC8FCD", "versionEndExcluding": "1.0.6"}, {"criteria": "cpe:2.3:a:clusterlabs:pacemaker:*:*:*:*:*:*:*:*", "vulnerable": true, "matchCriteriaId": "B0202E83-F41F-446A-9EFC-CA82A6F32022", "versionEndExcluding": "1.1.3"}], "operator": "OR"}]}], "sourceIdentifier": "secalert@redhat.com"}