CVE-2020-25654
HIGH 7.2
EPSS 0.09%
pacemaker - security update
Published: 2020/11/24
Modified: 2026/4/28
Description
An ACL bypass flaw was found in pacemaker. An attacker having a local account on the cluster and in the haclient group could use IPC communication with various daemons directly to perform certain tasks that they would be prevented by ACLs from doing if they went through the configuration.
Affected packages (2)
- Debian/pacemaker from 0, < 2.0.5~rc2-1
- Debian/pacemaker from 0, < 2.0.1-5+deb10u1
CVSS score
| Source | Version | Severity | Vector |
|---|---|---|---|
| osv | CVSS 3.1 | HIGH 7.2 | CVSS:3.1/AV:N/AC:L/PR:H/UI:N/S:U/C:H/I:H/A:H |