CVE-2010-2496

See a problem?
Please try reporting it to the source first.

Source

https://nvd.nist.gov/vuln/detail/CVE-2010-2496

Import Source

https://storage.googleapis.com/cve-osv-conversion/osv-output/CVE-2010-2496.json

JSON Data

https://api.osv.dev/v1/vulns/CVE-2010-2496

Downstream

DEBIAN-CVE-2010-2496

UBUNTU-CVE-2010-2496

openSUSE-SU-2024:10507-1

Related

openSUSE-SU-2024:10507-1

Published

2021-10-18T13:15:08Z

Modified

2025-08-09T19:01:28Z

Severity

5.5 (Medium) CVSS_V3 - CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:N/A:N CVSS Calculator

Summary

[none]

Details

stonith-ng in pacemaker and cluster-glue passed passwords as commandline parameters, making it possible for local attackers to gain access to passwords of the HA stack and potentially influence its operations. This is fixed in cluster-glue 1.0.6 and newer, and pacemaker 1.1.3 and newer.

References

https://bugzilla.suse.com/show_bug.cgi?id=CVE-2010-2496

Affected packages