CVE-2022-1049

See a problem?
Please try reporting it to the source first.

Source

https://nvd.nist.gov/vuln/detail/CVE-2022-1049

Import Source

https://storage.googleapis.com/cve-osv-conversion/osv-output/CVE-2022-1049.json

JSON Data

https://api.osv.dev/v1/vulns/CVE-2022-1049

Related

Published

2022-03-25T19:15:10Z

Modified

2024-09-18T03:12:04.993817Z

Severity

8.8 (High) CVSS_V3 - CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H CVSS Calculator

Summary

[none]

Details

A flaw was found in the Pacemaker configuration tool (pcs). The pcs daemon was allowing expired accounts, and accounts with expired passwords to login when using PAM authentication. Therefore, unprivileged expired accounts that have been denied access could still login.

References

Affected packages

Debian:11 / pcs

Package

Name: pcs
Purl: pkg:deb/debian/pcs?arch=source

Affected ranges

Type: ECOSYSTEM
Events: Introduced

0Unknown introduced version / All previous versions are affected

Fixed

0.10.8-1+deb11u1

Affected versions

0.*

0.10.8-1

Ecosystem specific

{
    "urgency": "not yet assigned"
}

Debian:12 / pcs

Package

Name: pcs
Purl: pkg:deb/debian/pcs?arch=source

Affected ranges

Type: ECOSYSTEM
Events: Introduced

0Unknown introduced version / All previous versions are affected

Fixed

0.11.3-1

Ecosystem specific

{
    "urgency": "not yet assigned"
}

Debian:13 / pcs

Package

Name: pcs
Purl: pkg:deb/debian/pcs?arch=source

Affected ranges

Type: ECOSYSTEM
Events: Introduced

0Unknown introduced version / All previous versions are affected

Fixed

0.11.3-1

Ecosystem specific

{
    "urgency": "not yet assigned"
}