CVE-2020-25654 - An ACL bypass flaw was found in pacemaker. An attacker having a local account on the cluster and in

CVE-2020-25654

Summary

An ACL bypass flaw was found in pacemaker. An attacker having a local account on the cluster and in the haclient group could use IPC communication with various daemons directly to perform certain tasks that they would be prevented by ACLs from doing if they went through the configuration.

References

Vulnerable Configurations

cpe:2.3:a:clusterlabs:pacemaker:2.0.5:rc1:*:*:*:*:*:*
cpe:2.3:a:clusterlabs:pacemaker:2.0.5:rc1:*:*:*:*:*:*
cpe:2.3:a:clusterlabs:pacemaker:0.6.0:*:*:*:*:*:*:*
cpe:2.3:a:clusterlabs:pacemaker:0.6.0:*:*:*:*:*:*:*
cpe:2.3:a:clusterlabs:pacemaker:0.6.1:*:*:*:*:*:*:*
cpe:2.3:a:clusterlabs:pacemaker:0.6.1:*:*:*:*:*:*:*
cpe:2.3:a:clusterlabs:pacemaker:0.6.2:*:*:*:*:*:*:*
cpe:2.3:a:clusterlabs:pacemaker:0.6.2:*:*:*:*:*:*:*
cpe:2.3:a:clusterlabs:pacemaker:0.6.3:*:*:*:*:*:*:*
cpe:2.3:a:clusterlabs:pacemaker:0.6.3:*:*:*:*:*:*:*
cpe:2.3:a:clusterlabs:pacemaker:0.6.4:*:*:*:*:*:*:*
cpe:2.3:a:clusterlabs:pacemaker:0.6.4:*:*:*:*:*:*:*
cpe:2.3:a:clusterlabs:pacemaker:0.6.5:*:*:*:*:*:*:*
cpe:2.3:a:clusterlabs:pacemaker:0.6.5:*:*:*:*:*:*:*
cpe:2.3:a:clusterlabs:pacemaker:0.6.6:*:*:*:*:*:*:*
cpe:2.3:a:clusterlabs:pacemaker:0.6.6:*:*:*:*:*:*:*
cpe:2.3:a:clusterlabs:pacemaker:0.7.0:*:*:*:*:*:*:*
cpe:2.3:a:clusterlabs:pacemaker:0.7.0:*:*:*:*:*:*:*
cpe:2.3:a:clusterlabs:pacemaker:0.7.3:*:*:*:*:*:*:*
cpe:2.3:a:clusterlabs:pacemaker:0.7.3:*:*:*:*:*:*:*
cpe:2.3:a:clusterlabs:pacemaker:1.0.0:*:*:*:*:*:*:*
cpe:2.3:a:clusterlabs:pacemaker:1.0.0:*:*:*:*:*:*:*
cpe:2.3:a:clusterlabs:pacemaker:1.0.1:*:*:*:*:*:*:*
cpe:2.3:a:clusterlabs:pacemaker:1.0.1:*:*:*:*:*:*:*
cpe:2.3:a:clusterlabs:pacemaker:1.0.2:*:*:*:*:*:*:*
cpe:2.3:a:clusterlabs:pacemaker:1.0.2:*:*:*:*:*:*:*
cpe:2.3:a:clusterlabs:pacemaker:1.0.3:*:*:*:*:*:*:*
cpe:2.3:a:clusterlabs:pacemaker:1.0.3:*:*:*:*:*:*:*
cpe:2.3:a:clusterlabs:pacemaker:1.0.4:*:*:*:*:*:*:*
cpe:2.3:a:clusterlabs:pacemaker:1.0.4:*:*:*:*:*:*:*
cpe:2.3:a:clusterlabs:pacemaker:1.0.5:*:*:*:*:*:*:*
cpe:2.3:a:clusterlabs:pacemaker:1.0.5:*:*:*:*:*:*:*
cpe:2.3:a:clusterlabs:pacemaker:1.0.6:*:*:*:*:*:*:*
cpe:2.3:a:clusterlabs:pacemaker:1.0.6:*:*:*:*:*:*:*
cpe:2.3:a:clusterlabs:pacemaker:1.0.7:*:*:*:*:*:*:*
cpe:2.3:a:clusterlabs:pacemaker:1.0.7:*:*:*:*:*:*:*
cpe:2.3:a:clusterlabs:pacemaker:1.0.8:*:*:*:*:*:*:*
cpe:2.3:a:clusterlabs:pacemaker:1.0.8:*:*:*:*:*:*:*
cpe:2.3:a:clusterlabs:pacemaker:1.1.0:*:*:*:*:*:*:*
cpe:2.3:a:clusterlabs:pacemaker:1.1.0:*:*:*:*:*:*:*
cpe:2.3:a:clusterlabs:pacemaker:1.1.1:*:*:*:*:*:*:*
cpe:2.3:a:clusterlabs:pacemaker:1.1.1:*:*:*:*:*:*:*
cpe:2.3:a:clusterlabs:pacemaker:1.1.2:*:*:*:*:*:*:*
cpe:2.3:a:clusterlabs:pacemaker:1.1.2:*:*:*:*:*:*:*
cpe:2.3:a:clusterlabs:pacemaker:1.1.2.1:*:*:*:*:*:*:*
cpe:2.3:a:clusterlabs:pacemaker:1.1.2.1:*:*:*:*:*:*:*
cpe:2.3:a:clusterlabs:pacemaker:1.1.3:*:*:*:*:*:*:*
cpe:2.3:a:clusterlabs:pacemaker:1.1.3:*:*:*:*:*:*:*
cpe:2.3:a:clusterlabs:pacemaker:1.1.4:*:*:*:*:*:*:*
cpe:2.3:a:clusterlabs:pacemaker:1.1.4:*:*:*:*:*:*:*
cpe:2.3:a:clusterlabs:pacemaker:1.1.5:*:*:*:*:*:*:*
cpe:2.3:a:clusterlabs:pacemaker:1.1.5:*:*:*:*:*:*:*
cpe:2.3:a:clusterlabs:pacemaker:1.1.6:*:*:*:*:*:*:*
cpe:2.3:a:clusterlabs:pacemaker:1.1.6:*:*:*:*:*:*:*
cpe:2.3:a:clusterlabs:pacemaker:1.1.6.1:*:*:*:*:*:*:*
cpe:2.3:a:clusterlabs:pacemaker:1.1.6.1:*:*:*:*:*:*:*
cpe:2.3:a:clusterlabs:pacemaker:1.1.7:*:*:*:*:*:*:*
cpe:2.3:a:clusterlabs:pacemaker:1.1.7:*:*:*:*:*:*:*
cpe:2.3:a:clusterlabs:pacemaker:1.1.8:*:*:*:*:*:*:*
cpe:2.3:a:clusterlabs:pacemaker:1.1.8:*:*:*:*:*:*:*
cpe:2.3:a:clusterlabs:pacemaker:1.1.9:*:*:*:*:*:*:*
cpe:2.3:a:clusterlabs:pacemaker:1.1.9:*:*:*:*:*:*:*
cpe:2.3:a:clusterlabs:pacemaker:1.1.10:*:*:*:*:*:*:*
cpe:2.3:a:clusterlabs:pacemaker:1.1.10:*:*:*:*:*:*:*
cpe:2.3:a:clusterlabs:pacemaker:1.1.10:rc1:*:*:*:*:*:*
cpe:2.3:a:clusterlabs:pacemaker:1.1.10:rc1:*:*:*:*:*:*
cpe:2.3:a:clusterlabs:pacemaker:1.1.10:rc2:*:*:*:*:*:*
cpe:2.3:a:clusterlabs:pacemaker:1.1.10:rc2:*:*:*:*:*:*
cpe:2.3:a:clusterlabs:pacemaker:1.1.10:rc3:*:*:*:*:*:*
cpe:2.3:a:clusterlabs:pacemaker:1.1.10:rc3:*:*:*:*:*:*
cpe:2.3:a:clusterlabs:pacemaker:1.1.10:rc4:*:*:*:*:*:*
cpe:2.3:a:clusterlabs:pacemaker:1.1.10:rc4:*:*:*:*:*:*
cpe:2.3:a:clusterlabs:pacemaker:1.1.10:rc5:*:*:*:*:*:*
cpe:2.3:a:clusterlabs:pacemaker:1.1.10:rc5:*:*:*:*:*:*
cpe:2.3:a:clusterlabs:pacemaker:1.1.10:rc6:*:*:*:*:*:*
cpe:2.3:a:clusterlabs:pacemaker:1.1.10:rc6:*:*:*:*:*:*
cpe:2.3:a:clusterlabs:pacemaker:1.1.10:rc7:*:*:*:*:*:*
cpe:2.3:a:clusterlabs:pacemaker:1.1.10:rc7:*:*:*:*:*:*
cpe:2.3:a:clusterlabs:pacemaker:1.1.11:-:*:*:*:*:*:*
cpe:2.3:a:clusterlabs:pacemaker:1.1.11:-:*:*:*:*:*:*
cpe:2.3:a:clusterlabs:pacemaker:1.1.11:rc1:*:*:*:*:*:*
cpe:2.3:a:clusterlabs:pacemaker:1.1.11:rc1:*:*:*:*:*:*
cpe:2.3:a:clusterlabs:pacemaker:1.1.11:rc2:*:*:*:*:*:*
cpe:2.3:a:clusterlabs:pacemaker:1.1.11:rc2:*:*:*:*:*:*
cpe:2.3:a:clusterlabs:pacemaker:1.1.11:rc3:*:*:*:*:*:*
cpe:2.3:a:clusterlabs:pacemaker:1.1.11:rc3:*:*:*:*:*:*
cpe:2.3:a:clusterlabs:pacemaker:1.1.11:rc4:*:*:*:*:*:*
cpe:2.3:a:clusterlabs:pacemaker:1.1.11:rc4:*:*:*:*:*:*
cpe:2.3:a:clusterlabs:pacemaker:1.1.11:rc5:*:*:*:*:*:*
cpe:2.3:a:clusterlabs:pacemaker:1.1.11:rc5:*:*:*:*:*:*
cpe:2.3:a:clusterlabs:pacemaker:1.1.12:-:*:*:*:*:*:*
cpe:2.3:a:clusterlabs:pacemaker:1.1.12:-:*:*:*:*:*:*
cpe:2.3:a:clusterlabs:pacemaker:1.1.12:rc1:*:*:*:*:*:*
cpe:2.3:a:clusterlabs:pacemaker:1.1.12:rc1:*:*:*:*:*:*
cpe:2.3:a:clusterlabs:pacemaker:1.1.12:rc2:*:*:*:*:*:*
cpe:2.3:a:clusterlabs:pacemaker:1.1.12:rc2:*:*:*:*:*:*
cpe:2.3:a:clusterlabs:pacemaker:1.1.12:rc3:*:*:*:*:*:*
cpe:2.3:a:clusterlabs:pacemaker:1.1.12:rc3:*:*:*:*:*:*
cpe:2.3:a:clusterlabs:pacemaker:1.1.12:rc4:*:*:*:*:*:*
cpe:2.3:a:clusterlabs:pacemaker:1.1.12:rc4:*:*:*:*:*:*
cpe:2.3:a:clusterlabs:pacemaker:1.1.13:-:*:*:*:*:*:*
cpe:2.3:a:clusterlabs:pacemaker:1.1.13:-:*:*:*:*:*:*
cpe:2.3:a:clusterlabs:pacemaker:1.1.13:rc1:*:*:*:*:*:*
cpe:2.3:a:clusterlabs:pacemaker:1.1.13:rc1:*:*:*:*:*:*
cpe:2.3:a:clusterlabs:pacemaker:1.1.13:rc2:*:*:*:*:*:*
cpe:2.3:a:clusterlabs:pacemaker:1.1.13:rc2:*:*:*:*:*:*
cpe:2.3:a:clusterlabs:pacemaker:1.1.13:rc3:*:*:*:*:*:*
cpe:2.3:a:clusterlabs:pacemaker:1.1.13:rc3:*:*:*:*:*:*
cpe:2.3:a:clusterlabs:pacemaker:1.1.14:-:*:*:*:*:*:*
cpe:2.3:a:clusterlabs:pacemaker:1.1.14:-:*:*:*:*:*:*
cpe:2.3:a:clusterlabs:pacemaker:1.1.14:rc1:*:*:*:*:*:*
cpe:2.3:a:clusterlabs:pacemaker:1.1.14:rc1:*:*:*:*:*:*
cpe:2.3:a:clusterlabs:pacemaker:1.1.14:rc2:*:*:*:*:*:*
cpe:2.3:a:clusterlabs:pacemaker:1.1.14:rc2:*:*:*:*:*:*
cpe:2.3:a:clusterlabs:pacemaker:1.1.14:rc3:*:*:*:*:*:*
cpe:2.3:a:clusterlabs:pacemaker:1.1.14:rc3:*:*:*:*:*:*
cpe:2.3:a:clusterlabs:pacemaker:1.1.14:rc4:*:*:*:*:*:*
cpe:2.3:a:clusterlabs:pacemaker:1.1.14:rc4:*:*:*:*:*:*
cpe:2.3:a:clusterlabs:pacemaker:1.1.14:rc5:*:*:*:*:*:*
cpe:2.3:a:clusterlabs:pacemaker:1.1.14:rc5:*:*:*:*:*:*
cpe:2.3:a:clusterlabs:pacemaker:1.1.15:-:*:*:*:*:*:*
cpe:2.3:a:clusterlabs:pacemaker:1.1.15:-:*:*:*:*:*:*
cpe:2.3:a:clusterlabs:pacemaker:1.1.15:rc1:*:*:*:*:*:*
cpe:2.3:a:clusterlabs:pacemaker:1.1.15:rc1:*:*:*:*:*:*
cpe:2.3:a:clusterlabs:pacemaker:1.1.15:rc2:*:*:*:*:*:*
cpe:2.3:a:clusterlabs:pacemaker:1.1.15:rc2:*:*:*:*:*:*
cpe:2.3:a:clusterlabs:pacemaker:1.1.15:rc3:*:*:*:*:*:*
cpe:2.3:a:clusterlabs:pacemaker:1.1.15:rc3:*:*:*:*:*:*
cpe:2.3:a:clusterlabs:pacemaker:1.1.15:rc4:*:*:*:*:*:*
cpe:2.3:a:clusterlabs:pacemaker:1.1.15:rc4:*:*:*:*:*:*
cpe:2.3:a:clusterlabs:pacemaker:1.1.16:-:*:*:*:*:*:*
cpe:2.3:a:clusterlabs:pacemaker:1.1.16:-:*:*:*:*:*:*
cpe:2.3:a:clusterlabs:pacemaker:1.1.16:rc1:*:*:*:*:*:*
cpe:2.3:a:clusterlabs:pacemaker:1.1.16:rc1:*:*:*:*:*:*
cpe:2.3:a:clusterlabs:pacemaker:1.1.16:rc2:*:*:*:*:*:*
cpe:2.3:a:clusterlabs:pacemaker:1.1.16:rc2:*:*:*:*:*:*
cpe:2.3:a:clusterlabs:pacemaker:1.1.17:-:*:*:*:*:*:*
cpe:2.3:a:clusterlabs:pacemaker:1.1.17:-:*:*:*:*:*:*
cpe:2.3:a:clusterlabs:pacemaker:1.1.17:rc1:*:*:*:*:*:*
cpe:2.3:a:clusterlabs:pacemaker:1.1.17:rc1:*:*:*:*:*:*
cpe:2.3:a:clusterlabs:pacemaker:1.1.17:rc2:*:*:*:*:*:*
cpe:2.3:a:clusterlabs:pacemaker:1.1.17:rc2:*:*:*:*:*:*
cpe:2.3:a:clusterlabs:pacemaker:1.1.17:rc3:*:*:*:*:*:*
cpe:2.3:a:clusterlabs:pacemaker:1.1.17:rc3:*:*:*:*:*:*
cpe:2.3:a:clusterlabs:pacemaker:1.1.17:rc4:*:*:*:*:*:*
cpe:2.3:a:clusterlabs:pacemaker:1.1.17:rc4:*:*:*:*:*:*
cpe:2.3:a:clusterlabs:pacemaker:1.1.18:-:*:*:*:*:*:*
cpe:2.3:a:clusterlabs:pacemaker:1.1.18:-:*:*:*:*:*:*
cpe:2.3:a:clusterlabs:pacemaker:1.1.18:rc1:*:*:*:*:*:*
cpe:2.3:a:clusterlabs:pacemaker:1.1.18:rc1:*:*:*:*:*:*
cpe:2.3:a:clusterlabs:pacemaker:1.1.18:rc2:*:*:*:*:*:*
cpe:2.3:a:clusterlabs:pacemaker:1.1.18:rc2:*:*:*:*:*:*
cpe:2.3:a:clusterlabs:pacemaker:1.1.18:rc3:*:*:*:*:*:*
cpe:2.3:a:clusterlabs:pacemaker:1.1.18:rc3:*:*:*:*:*:*
cpe:2.3:a:clusterlabs:pacemaker:1.1.18:rc4:*:*:*:*:*:*
cpe:2.3:a:clusterlabs:pacemaker:1.1.18:rc4:*:*:*:*:*:*
cpe:2.3:a:clusterlabs:pacemaker:1.1.19:-:*:*:*:*:*:*
cpe:2.3:a:clusterlabs:pacemaker:1.1.19:-:*:*:*:*:*:*
cpe:2.3:a:clusterlabs:pacemaker:1.1.19:rc1:*:*:*:*:*:*
cpe:2.3:a:clusterlabs:pacemaker:1.1.19:rc1:*:*:*:*:*:*
cpe:2.3:a:clusterlabs:pacemaker:1.1.20:-:*:*:*:*:*:*
cpe:2.3:a:clusterlabs:pacemaker:1.1.20:-:*:*:*:*:*:*
cpe:2.3:a:clusterlabs:pacemaker:1.1.20:rc1:*:*:*:*:*:*
cpe:2.3:a:clusterlabs:pacemaker:1.1.20:rc1:*:*:*:*:*:*
cpe:2.3:a:clusterlabs:pacemaker:1.1.20:rc2:*:*:*:*:*:*
cpe:2.3:a:clusterlabs:pacemaker:1.1.20:rc2:*:*:*:*:*:*
cpe:2.3:a:clusterlabs:pacemaker:1.1.20:rc3:*:*:*:*:*:*
cpe:2.3:a:clusterlabs:pacemaker:1.1.20:rc3:*:*:*:*:*:*
cpe:2.3:a:clusterlabs:pacemaker:1.1.21:-:*:*:*:*:*:*
cpe:2.3:a:clusterlabs:pacemaker:1.1.21:-:*:*:*:*:*:*
cpe:2.3:a:clusterlabs:pacemaker:1.1.21:rc1:*:*:*:*:*:*
cpe:2.3:a:clusterlabs:pacemaker:1.1.21:rc1:*:*:*:*:*:*
cpe:2.3:a:clusterlabs:pacemaker:2.0.0:-:*:*:*:*:*:*
cpe:2.3:a:clusterlabs:pacemaker:2.0.0:-:*:*:*:*:*:*
cpe:2.3:a:clusterlabs:pacemaker:2.0.0:rc1:*:*:*:*:*:*
cpe:2.3:a:clusterlabs:pacemaker:2.0.0:rc1:*:*:*:*:*:*
cpe:2.3:a:clusterlabs:pacemaker:2.0.0:rc2:*:*:*:*:*:*
cpe:2.3:a:clusterlabs:pacemaker:2.0.0:rc2:*:*:*:*:*:*
cpe:2.3:a:clusterlabs:pacemaker:2.0.0:rc3:*:*:*:*:*:*
cpe:2.3:a:clusterlabs:pacemaker:2.0.0:rc3:*:*:*:*:*:*
cpe:2.3:a:clusterlabs:pacemaker:2.0.0:rc4:*:*:*:*:*:*
cpe:2.3:a:clusterlabs:pacemaker:2.0.0:rc4:*:*:*:*:*:*
cpe:2.3:a:clusterlabs:pacemaker:2.0.0:rc5:*:*:*:*:*:*
cpe:2.3:a:clusterlabs:pacemaker:2.0.0:rc5:*:*:*:*:*:*
cpe:2.3:a:clusterlabs:pacemaker:2.0.0:rc6:*:*:*:*:*:*
cpe:2.3:a:clusterlabs:pacemaker:2.0.0:rc6:*:*:*:*:*:*
cpe:2.3:a:clusterlabs:pacemaker:2.0.1:-:*:*:*:*:*:*
cpe:2.3:a:clusterlabs:pacemaker:2.0.1:-:*:*:*:*:*:*
cpe:2.3:a:clusterlabs:pacemaker:2.0.1:rc1:*:*:*:*:*:*
cpe:2.3:a:clusterlabs:pacemaker:2.0.1:rc1:*:*:*:*:*:*
cpe:2.3:a:clusterlabs:pacemaker:2.0.1:rc2:*:*:*:*:*:*
cpe:2.3:a:clusterlabs:pacemaker:2.0.1:rc2:*:*:*:*:*:*
cpe:2.3:a:clusterlabs:pacemaker:2.0.1:rc3:*:*:*:*:*:*
cpe:2.3:a:clusterlabs:pacemaker:2.0.1:rc3:*:*:*:*:*:*
cpe:2.3:a:clusterlabs:pacemaker:2.0.1:rc4:*:*:*:*:*:*
cpe:2.3:a:clusterlabs:pacemaker:2.0.1:rc4:*:*:*:*:*:*
cpe:2.3:a:clusterlabs:pacemaker:2.0.1:rc5:*:*:*:*:*:*
cpe:2.3:a:clusterlabs:pacemaker:2.0.1:rc5:*:*:*:*:*:*
cpe:2.3:a:clusterlabs:pacemaker:2.0.2:-:*:*:*:*:*:*
cpe:2.3:a:clusterlabs:pacemaker:2.0.2:-:*:*:*:*:*:*
cpe:2.3:a:clusterlabs:pacemaker:2.0.2:rc1:*:*:*:*:*:*
cpe:2.3:a:clusterlabs:pacemaker:2.0.2:rc1:*:*:*:*:*:*
cpe:2.3:a:clusterlabs:pacemaker:2.0.2:rc2:*:*:*:*:*:*
cpe:2.3:a:clusterlabs:pacemaker:2.0.2:rc2:*:*:*:*:*:*
cpe:2.3:a:clusterlabs:pacemaker:2.0.2:rc3:*:*:*:*:*:*
cpe:2.3:a:clusterlabs:pacemaker:2.0.2:rc3:*:*:*:*:*:*
cpe:2.3:o:debian:debian_linux:9.0:*:*:*:*:*:*:*
cpe:2.3:o:debian:debian_linux:9.0:*:*:*:*:*:*:*

CVSS

Base:	9.0 (as of 29-09-2023 - 11:15)
Impact:
Exploitability:

CWE

NVD-CWE-Other

CAPEC

Access

Vector	Complexity	Authentication
NETWORK	LOW	SINGLE

Impact

Confidentiality	Integrity	Availability
COMPLETE	COMPLETE	COMPLETE

cvss-vector via4

AV:N/AC:L/Au:S/C:C/I:C/A:C

redhat via4

advisories

bugzilla

id	1888191
title	CVE-2020-25654 pacemaker: ACL restrictions bypass

oval

comment Red Hat Enterprise Linux must be installed
oval oval:com.redhat.rhba:tst:20070304026

AND

comment Red Hat Enterprise Linux 7 is installed
oval oval:com.redhat.rhba:tst:20150364027

AND
comment pacemaker is earlier than 0:1.1.23-1.el7_9.1
oval oval:com.redhat.rhsa:tst:20205453001
comment pacemaker is signed with Red Hat redhatrelease2 key
oval oval:com.redhat.rhsa:tst:20131635002

AND

comment pacemaker-cli is earlier than 0:1.1.23-1.el7_9.1
oval oval:com.redhat.rhsa:tst:20205453003
comment pacemaker-cli is signed with Red Hat redhatrelease2 key
oval oval:com.redhat.rhsa:tst:20131635004

AND

comment pacemaker-cluster-libs is earlier than 0:1.1.23-1.el7_9.1
oval oval:com.redhat.rhsa:tst:20205453005
comment pacemaker-cluster-libs is signed with Red Hat redhatrelease2 key
oval oval:com.redhat.rhsa:tst:20131635006

AND

comment pacemaker-cts is earlier than 0:1.1.23-1.el7_9.1
oval oval:com.redhat.rhsa:tst:20205453007
comment pacemaker-cts is signed with Red Hat redhatrelease2 key
oval oval:com.redhat.rhsa:tst:20131635008

AND

comment pacemaker-doc is earlier than 0:1.1.23-1.el7_9.1
oval oval:com.redhat.rhsa:tst:20205453009
comment pacemaker-doc is signed with Red Hat redhatrelease2 key
oval oval:com.redhat.rhsa:tst:20131635010

AND

comment pacemaker-libs is earlier than 0:1.1.23-1.el7_9.1
oval oval:com.redhat.rhsa:tst:20205453011
comment pacemaker-libs is signed with Red Hat redhatrelease2 key
oval oval:com.redhat.rhsa:tst:20131635012

AND

comment pacemaker-libs-devel is earlier than 0:1.1.23-1.el7_9.1
oval oval:com.redhat.rhsa:tst:20205453013
comment pacemaker-libs-devel is signed with Red Hat redhatrelease2 key
oval oval:com.redhat.rhsa:tst:20131635014

AND

comment pacemaker-nagios-plugins-metadata is earlier than 0:1.1.23-1.el7_9.1
oval oval:com.redhat.rhsa:tst:20205453015
comment pacemaker-nagios-plugins-metadata is signed with Red Hat redhatrelease2 key
oval oval:com.redhat.rhsa:tst:20152383016

AND

comment pacemaker-remote is earlier than 0:1.1.23-1.el7_9.1
oval oval:com.redhat.rhsa:tst:20205453017
comment pacemaker-remote is signed with Red Hat redhatrelease2 key
oval oval:com.redhat.rhsa:tst:20131635016

rhsa

id	RHSA-2020:5453
released	2020-12-15
severity	Moderate
title	RHSA-2020:5453: pacemaker security update (Moderate)

bugzilla

id	1888191
title	CVE-2020-25654 pacemaker: ACL restrictions bypass

oval

comment Red Hat Enterprise Linux must be installed
oval oval:com.redhat.rhba:tst:20070304026

AND

comment Red Hat Enterprise Linux 8 is installed
oval oval:com.redhat.rhba:tst:20193384074

AND
comment pacemaker is earlier than 0:2.0.4-6.el8_3.1
oval oval:com.redhat.rhsa:tst:20205487001
comment pacemaker is signed with Red Hat redhatrelease2 key
oval oval:com.redhat.rhsa:tst:20131635002

AND

comment pacemaker-cli is earlier than 0:2.0.4-6.el8_3.1
oval oval:com.redhat.rhsa:tst:20205487003
comment pacemaker-cli is signed with Red Hat redhatrelease2 key
oval oval:com.redhat.rhsa:tst:20131635004

AND

comment pacemaker-cluster-libs is earlier than 0:2.0.4-6.el8_3.1
oval oval:com.redhat.rhsa:tst:20205487005
comment pacemaker-cluster-libs is signed with Red Hat redhatrelease2 key
oval oval:com.redhat.rhsa:tst:20131635006

AND

comment pacemaker-cts is earlier than 0:2.0.4-6.el8_3.1
oval oval:com.redhat.rhsa:tst:20205487007
comment pacemaker-cts is signed with Red Hat redhatrelease2 key
oval oval:com.redhat.rhsa:tst:20131635008

AND

comment pacemaker-debugsource is earlier than 0:2.0.4-6.el8_3.1
oval oval:com.redhat.rhsa:tst:20205487009
comment pacemaker-debugsource is signed with Red Hat redhatrelease2 key
oval oval:com.redhat.rhsa:tst:20191279010

AND

comment pacemaker-doc is earlier than 0:2.0.4-6.el8_3.1
oval oval:com.redhat.rhsa:tst:20205487011
comment pacemaker-doc is signed with Red Hat redhatrelease2 key
oval oval:com.redhat.rhsa:tst:20131635010

AND

comment pacemaker-libs is earlier than 0:2.0.4-6.el8_3.1
oval oval:com.redhat.rhsa:tst:20205487013
comment pacemaker-libs is signed with Red Hat redhatrelease2 key
oval oval:com.redhat.rhsa:tst:20131635012

AND

comment pacemaker-libs-devel is earlier than 0:2.0.4-6.el8_3.1
oval oval:com.redhat.rhsa:tst:20205487015
comment pacemaker-libs-devel is signed with Red Hat redhatrelease2 key
oval oval:com.redhat.rhsa:tst:20131635014

AND

comment pacemaker-nagios-plugins-metadata is earlier than 0:2.0.4-6.el8_3.1
oval oval:com.redhat.rhsa:tst:20205487017
comment pacemaker-nagios-plugins-metadata is signed with Red Hat redhatrelease2 key
oval oval:com.redhat.rhsa:tst:20152383016

AND

comment pacemaker-remote is earlier than 0:2.0.4-6.el8_3.1
oval oval:com.redhat.rhsa:tst:20205487019
comment pacemaker-remote is signed with Red Hat redhatrelease2 key
oval oval:com.redhat.rhsa:tst:20131635016

AND

comment pacemaker-schemas is earlier than 0:2.0.4-6.el8_3.1
oval oval:com.redhat.rhsa:tst:20205487021
comment pacemaker-schemas is signed with Red Hat redhatrelease2 key
oval oval:com.redhat.rhsa:tst:20191279022

rhsa

id	RHSA-2020:5487
released	2020-12-15
severity	Moderate
title	RHSA-2020:5487: pacemaker security update (Moderate)

rpms

pacemaker-0:2.0.3-5.el8_2.3
pacemaker-cli-0:2.0.3-5.el8_2.3
pacemaker-cli-debuginfo-0:2.0.3-5.el8_2.3
pacemaker-cluster-libs-0:2.0.3-5.el8_2.3
pacemaker-cluster-libs-debuginfo-0:2.0.3-5.el8_2.3
pacemaker-cts-0:2.0.3-5.el8_2.3
pacemaker-debuginfo-0:2.0.3-5.el8_2.3
pacemaker-debugsource-0:2.0.3-5.el8_2.3
pacemaker-doc-0:2.0.3-5.el8_2.3
pacemaker-libs-0:2.0.3-5.el8_2.3
pacemaker-libs-debuginfo-0:2.0.3-5.el8_2.3
pacemaker-libs-devel-0:2.0.3-5.el8_2.3
pacemaker-nagios-plugins-metadata-0:2.0.3-5.el8_2.3
pacemaker-remote-0:2.0.3-5.el8_2.3
pacemaker-remote-debuginfo-0:2.0.3-5.el8_2.3
pacemaker-schemas-0:2.0.3-5.el8_2.3
pacemaker-0:1.1.23-1.el7_9.1
pacemaker-cli-0:1.1.23-1.el7_9.1
pacemaker-cluster-libs-0:1.1.23-1.el7_9.1
pacemaker-cts-0:1.1.23-1.el7_9.1
pacemaker-debuginfo-0:1.1.23-1.el7_9.1
pacemaker-doc-0:1.1.23-1.el7_9.1
pacemaker-libs-0:1.1.23-1.el7_9.1
pacemaker-libs-devel-0:1.1.23-1.el7_9.1
pacemaker-nagios-plugins-metadata-0:1.1.23-1.el7_9.1
pacemaker-remote-0:1.1.23-1.el7_9.1
pacemaker-0:2.0.4-6.el8_3.1
pacemaker-cli-0:2.0.4-6.el8_3.1
pacemaker-cli-debuginfo-0:2.0.4-6.el8_3.1
pacemaker-cluster-libs-0:2.0.4-6.el8_3.1
pacemaker-cluster-libs-debuginfo-0:2.0.4-6.el8_3.1
pacemaker-cts-0:2.0.4-6.el8_3.1
pacemaker-debuginfo-0:2.0.4-6.el8_3.1
pacemaker-debugsource-0:2.0.4-6.el8_3.1
pacemaker-doc-0:2.0.4-6.el8_3.1
pacemaker-libs-0:2.0.4-6.el8_3.1
pacemaker-libs-debuginfo-0:2.0.4-6.el8_3.1
pacemaker-libs-devel-0:2.0.4-6.el8_3.1
pacemaker-nagios-plugins-metadata-0:2.0.4-6.el8_3.1
pacemaker-remote-0:2.0.4-6.el8_3.1
pacemaker-remote-debuginfo-0:2.0.4-6.el8_3.1
pacemaker-schemas-0:2.0.4-6.el8_3.1

refmap via4

misc	https://bugzilla.redhat.com/show_bug.cgi?id=1888191 https://lists.clusterlabs.org/pipermail/users/2020-October/027840.html https://seclists.org/oss-sec/2020/q4/83
mlist	[debian-lts-announce] 20210106 [SECURITY] [DLA 2519-1] pacemaker security update

Last major update

29-09-2023 - 11:15

Published

24-11-2020 - 20:15

Last modified

29-09-2023 - 11:15