Vulnerabilities > CVE-2019-15522 - Unspecified vulnerability in Linbit Csync2 1.34/2.0

CVSS 9.8 - CRITICAL

Attack vector

NETWORK

Attack complexity

LOW

Privileges required

NONE

Confidentiality impact

HIGH

Integrity impact

HIGH

Availability impact

HIGH

network

low complexity

linbit

critical

NVD

Published: 2020-03-20

Updated: 2020-10-14

Summary

An issue was discovered in LINBIT csync2 through 2.0. csync_daemon_session in daemon.c neglects to force a failure of a hello command when the configuration requires use of SSL.

Vulnerable Configurations

Part	Description	Count
Application	Linbit Linbit Csync2 - Linbit Csync2 1.34 Linbit Csync2 2.0	3

References

https://github.com/LINBIT/csync2/commit/416f1de878ef97e27e27508914f7ba8599a0be22