CVE-2010-2496

Source
https://nvd.nist.gov/vuln/detail/CVE-2010-2496
Import Source
https://storage.googleapis.com/cve-osv-conversion/osv-output/CVE-2010-2496.json
JSON Data
https://api.osv.dev/v1/vulns/CVE-2010-2496
Published
2021-10-18T13:15:08Z
Modified
2024-11-21T01:16:46Z
Severity
  • 5.5 (Medium) CVSS_V3 - CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:N/A:N
Summary
[none]
Details

stonith-ng in pacemaker and cluster-glue passed passwords as command-line parameters, making it possible for local attackers to gain access to passwords of the HA stack and potentially influence its operations. This is fixed in cluster-glue 1.0.6 and newer, and pacemaker 1.1.3 and newer.

Affected packages

Debian:11 / cluster-glue

Package

Name
cluster-glue
Purl
pkg:deb/debian/cluster-glue?arch=source

Affected ranges

Type
ECOSYSTEM
Events
Introduced
0 (Unknown introduced version / All previous versions are affected)
Fixed
1.0.6-1

Ecosystem specific

{
    "urgency": "not yet assigned"
}

Debian:12 / cluster-glue

Package

Name
cluster-glue
Purl
pkg:deb/debian/cluster-glue?arch=source

Affected ranges

Type
ECOSYSTEM
Events
Introduced
0 (Unknown introduced version / All previous versions are affected)
Fixed
1.0.6-1

Ecosystem specific

{
    "urgency": "not yet assigned"
}

Debian:13 / cluster-glue

Package

Name
cluster-glue
Purl
pkg:deb/debian/cluster-glue?arch=source

Affected ranges

Type
ECOSYSTEM
Events
Introduced
0 (Unknown introduced version / All previous versions are affected)
Fixed
1.0.6-1

Ecosystem specific

{
    "urgency": "not yet assigned"
}

Debian:11 / pacemaker

Package

Name
pacemaker
Purl
pkg:deb/debian/pacemaker?arch=source

Affected ranges

Type
ECOSYSTEM
Events
Introduced
0 (Unknown introduced version / All previous versions are affected)
Fixed
1.1.13-1

Ecosystem specific

{
    "urgency": "not yet assigned"
}

Debian:12 / pacemaker

Package

Name
pacemaker
Purl
pkg:deb/debian/pacemaker?arch=source

Affected ranges

Type
ECOSYSTEM
Events
Introduced
0 (Unknown introduced version / All previous versions are affected)
Fixed
1.1.13-1

Ecosystem specific

{
    "urgency": "not yet assigned"
}

Debian:13 / pacemaker

Package

Name
pacemaker
Purl
pkg:deb/debian/pacemaker?arch=source

Affected ranges

Type
ECOSYSTEM
Events
Introduced
0 (Unknown introduced version / All previous versions are affected)
Fixed
1.1.13-1

Ecosystem specific

{
    "urgency": "not yet assigned"
}