A flaw was found in the way pacemaker's client-server authentication was implemented in versions up to and including 2.0.0. A local attacker could use this flaw, and combine it with other IPC weaknesses, to achieve local privilege escalation.
References
Configurations
Configuration 1 (hide)
|
Configuration 2 (hide)
|
Configuration 3 (hide)
|
Configuration 4 (hide)
|
Configuration 5 (hide)
|
Configuration 6 (hide)
|
History
07 Nov 2023, 02:53
Type | Values Removed | Values Added |
---|---|---|
References |
|
|
29 Sep 2023, 11:15
Type | Values Removed | Values Added |
---|---|---|
References |
|
|
CWE | NVD-CWE-noinfo |
Information
Published : 2019-04-18 18:29
Updated : 2024-02-28 17:08
NVD link : CVE-2018-16877
Mitre link : CVE-2018-16877
CVE.ORG link : CVE-2018-16877
JSON object : View
Products Affected
debian
- debian_linux
opensuse
- leap
redhat
- enterprise_linux
- enterprise_linux_server_aus
- enterprise_linux_eus
- enterprise_linux_server_tus
fedoraproject
- fedora
canonical
- ubuntu_linux
clusterlabs
- pacemaker
CWE