UBUNTU-CVE-2022-1049

See a problem?
Please try reporting it to the source first.

Source

https://ubuntu.com/security/CVE-2022-1049

Import Source

https://github.com/canonical/ubuntu-security-notices/blob/main/osv/cve/2022/UBUNTU-CVE-2022-1049.json

JSON Data

https://api.osv.dev/v1/vulns/UBUNTU-CVE-2022-1049

Related

CVE-2022-1049

Published

2022-03-25T19:15:00Z

Modified

2024-10-15T14:09:35Z

Severity

8.8 (High) CVSS_V3 - CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H CVSS Calculator

Summary

[none]

Details

A flaw was found in the Pacemaker configuration tool (pcs). The pcs daemon was allowing expired accounts, and accounts with expired passwords to login when using PAM authentication. Therefore, unprivileged expired accounts that have been denied access could still login.

References

Affected packages

Ubuntu:Pro:16.04:LTS / pcs

Package

Name: pcs
Purl: pkg:deb/ubuntu/pcs?arch=src?distro=esm-apps/xenial

Affected ranges

Type: ECOSYSTEM
Events: Introduced

0Unknown introduced version / All previous versions are affected

Affected versions

0.*

0.9.149-1

0.9.149-1ubuntu1

0.9.149-1ubuntu1.1

Ecosystem specific

{
    "ubuntu_priority": "medium"
}

Ubuntu:Pro:18.04:LTS / pcs

Package

Name: pcs
Purl: pkg:deb/ubuntu/pcs?arch=src?distro=esm-apps/bionic

Affected ranges

Type: ECOSYSTEM
Events: Introduced

0Unknown introduced version / All previous versions are affected

Affected versions

0.*

0.9.159-3ubuntu2

0.9.161-1

0.9.162-1

0.9.164-1

Ecosystem specific

{
    "ubuntu_priority": "medium"
}

Ubuntu:20.04:LTS / pcs

Package

Name: pcs
Purl: pkg:deb/ubuntu/pcs?arch=src?distro=focal

Affected ranges

Type: ECOSYSTEM
Events: Introduced

0Unknown introduced version / All previous versions are affected

Affected versions

0.*

0.10.2-1

0.10.4-2

0.10.4-2ubuntu1

0.10.4-3

Ecosystem specific

{
    "ubuntu_priority": "medium"
}

Ubuntu:22.04:LTS / pcs

Package

Name: pcs
Purl: pkg:deb/ubuntu/pcs?arch=src?distro=jammy

Affected ranges

Type: ECOSYSTEM
Events: Introduced

0Unknown introduced version / All previous versions are affected

Affected versions

0.*

0.10.8-1ubuntu1

0.10.11-2ubuntu2

0.10.11-2ubuntu3

Ecosystem specific

{
    "ubuntu_priority": "medium"
}