CVE-2021-3020

An issue was discovered in ClusterLabs Hawk (aka HA Web Konsole) through 2.3.0-15. It ships the binary hawk_invoke (built from tools/hawk_invoke.c), intended to be used as a setuid program. This allows the hacluster user to invoke certain commands as root (with an attempt to limit this to safe combinations). This user is able to execute an interactive "shell" that isn't limited to the commands specified in hawk_invoke, allowing escalation to root.

CVSS v3 8.8 HIGH

8.8^/10

CVSS v3 : HIGH

Vector :

Exploitability : 2.8 / Impact : 5.9

Attack Vector NETWORK

Attack Complexity LOW

Privileges Required LOW

User Interaction NONE

Confidentiality Impact HIGH

Integrity Impact HIGH

Availability Impact HIGH

Scope UNCHANGED

References

Link	Resource
https://bugzilla.suse.com/show_bug.cgi?id=1180571	Permissions Required
https://github.com/ClusterLabs/crmsh/commit/c538024b8ebd138dc373b005189471d9b77e9c82	Patch Third Party Advisory
https://github.com/ClusterLabs/hawk/releases	Release Notes Third Party Advisory
https://bugzilla.suse.com/show_bug.cgi?id=1180571	Permissions Required
https://github.com/ClusterLabs/crmsh/commit/c538024b8ebd138dc373b005189471d9b77e9c82	Patch Third Party Advisory
https://github.com/ClusterLabs/hawk/releases	Release Notes Third Party Advisory

Configurations

Configuration 1 (hide)

cpe:2.3:a:clusterlabs:hawk:*:*:*:*:*:*:*:*

History

21 Nov 2024, 06:20

Type	Values Removed	Values Added
References	~~() https://bugzilla.suse.com/show_bug.cgi?id=1180571 - Permissions Required~~	() https://bugzilla.suse.com/show_bug.cgi?id=1180571 - Permissions Required
References	~~() https://github.com/ClusterLabs/crmsh/commit/c538024b8ebd138dc373b005189471d9b77e9c82 - Patch, Third Party Advisory~~	() https://github.com/ClusterLabs/crmsh/commit/c538024b8ebd138dc373b005189471d9b77e9c82 - Patch, Third Party Advisory
References	~~() https://github.com/ClusterLabs/hawk/releases - Release Notes, Third Party Advisory~~	() https://github.com/ClusterLabs/hawk/releases - Release Notes, Third Party Advisory

08 Aug 2023, 14:22

Type	Values Removed	Values Added
CWE	~~CWE-77~~	CWE-269

Information

Published : 2022-08-26 00:15

Updated : 2024-11-21 06:20

NVD link : CVE-2021-3020

Mitre link : CVE-2021-3020

CVE.ORG link : CVE-2021-3020

JSON object : View

Products Affected

clusterlabs

hawk

CWE

CWE-269

Improper Privilege Management

{"id": "CVE-2021-3020", "metrics": {"cvssMetricV31": [{"type": "Primary", "source": "nvd@nist.gov", "cvssData": {"scope": "UNCHANGED", "version": "3.1", "baseScore": 8.8, "attackVector": "NETWORK", "baseSeverity": "HIGH", "vectorString": "CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H", "integrityImpact": "HIGH", "userInteraction": "NONE", "attackComplexity": "LOW", "availabilityImpact": "HIGH", "privilegesRequired": "LOW", "confidentialityImpact": "HIGH"}, "impactScore": 5.9, "exploitabilityScore": 2.8}]}, "published": "2022-08-26T00:15:08.773", "references": [{"url": "https://bugzilla.suse.com/show_bug.cgi?id=1180571", "tags": ["Permissions Required"], "source": "cve@mitre.org"}, {"url": "https://github.com/ClusterLabs/crmsh/commit/c538024b8ebd138dc373b005189471d9b77e9c82", "tags": ["Patch", "Third Party Advisory"], "source": "cve@mitre.org"}, {"url": "https://github.com/ClusterLabs/hawk/releases", "tags": ["Release Notes", "Third Party Advisory"], "source": "cve@mitre.org"}, {"url": "https://bugzilla.suse.com/show_bug.cgi?id=1180571", "tags": ["Permissions Required"], "source": "af854a3a-2127-422b-91ae-364da2661108"}, {"url": "https://github.com/ClusterLabs/crmsh/commit/c538024b8ebd138dc373b005189471d9b77e9c82", "tags": ["Patch", "Third Party Advisory"], "source": "af854a3a-2127-422b-91ae-364da2661108"}, {"url": "https://github.com/ClusterLabs/hawk/releases", "tags": ["Release Notes", "Third Party Advisory"], "source": "af854a3a-2127-422b-91ae-364da2661108"}], "vulnStatus": "Modified", "weaknesses": [{"type": "Primary", "source": "nvd@nist.gov", "description": [{"lang": "en", "value": "CWE-269"}]}], "descriptions": [{"lang": "en", "value": "An issue was discovered in ClusterLabs Hawk (aka HA Web Konsole) through 2.3.0-15. It ships the binary hawk_invoke (built from tools/hawk_invoke.c), intended to be used as a setuid program. This allows the hacluster user to invoke certain commands as root (with an attempt to limit this to safe combinations). This user is able to execute an interactive \"shell\" that isn't limited to the commands specified in hawk_invoke, allowing escalation to root."}, {"lang": "es", "value": "Se ha detectado un problema en ClusterLabs Hawk (tambi\u00e9n se conoce como HA Web Konsole) hasta la versi\u00f3n 2.3.0-15. Es enviado el binario hawk_invoke (construido a partir de tools/hawk_invoke.c), destinado a ser usado como un programa setuid. Esto permite al usuario hacluster invocar determinados comandos como root (con un intento de limitar esto a combinaciones seguras). Este usuario es capaz de ejecutar un \"shell\" interactivo que no est\u00e1 limitado a los comandos especificados en hawk_invoke, permitiendo una escalada a root."}], "lastModified": "2024-11-21T06:20:46.053", "configurations": [{"nodes": [{"negate": false, "cpeMatch": [{"criteria": "cpe:2.3:a:clusterlabs:hawk:*:*:*:*:*:*:*:*", "vulnerable": true, "matchCriteriaId": "BB239D06-C0CE-4BAB-9974-D872E9D3E167", "versionEndIncluding": "2.3.0-15"}], "operator": "OR"}]}], "sourceIdentifier": "cve@mitre.org"}