Vulnerabilities > Clusterlabs
| DATE | CVE | VULNERABILITY TITLE | RISK |
|---|---|---|---|
| 2024-06-06 | CVE-2024-3049 | Insufficient Verification of Data Authenticity vulnerability in multiple products A flaw was found in Booth, a cluster ticket manager. | 5.9 |
| 2023-08-08 | CVE-2023-39976 | Classic Buffer Overflow vulnerability in Clusterlabs Libqb log_blackbox.c in libqb before 2.0.8 allows a buffer overflow via long log messages because the header size is not considered. | 9.8 |
| 2023-05-17 | CVE-2023-2319 | It was discovered that an update for PCS package in RHBA-2023:2151 erratum released as part of Red Hat Enterprise Linux 9.2 failed to include the fix for the Webpack issue CVE-2023-28154 (for PCS package), which was previously addressed in Red Hat Enterprise Linux 9.1 via erratum RHSA-2023:1591. | 9.8 |
| 2022-09-06 | CVE-2022-2735 | Incorrect Default Permissions vulnerability in multiple products A vulnerability was found in the PCS project. | 7.8 |
| 2022-08-26 | CVE-2021-3020 | Improper Privilege Management vulnerability in Clusterlabs Hawk An issue was discovered in ClusterLabs Hawk (aka HA Web Konsole) through 2.3.0-15. | 8.8 |
| 2022-07-28 | CVE-2022-2553 | Improper Authentication vulnerability in multiple products The authfile directive in the booth config file is ignored, preventing use of authentication in communications from node to node. | 6.5 |
| 2022-03-25 | CVE-2022-1049 | Improper Authentication vulnerability in multiple products A flaw was found in the Pacemaker configuration tool (pcs). | 8.8 |
| 2021-10-18 | CVE-2010-2496 | Improper Authentication vulnerability in Clusterlabs Cluster Glue and Pacemaker stonith-ng in pacemaker and cluster-glue passed passwords as commandline parameters, making it possible for local attackers to gain access to passwords of the HA stack and potentially influence its operations. | 2.1 |
| 2021-01-12 | CVE-2020-35459 | Improper Privilege Management vulnerability in multiple products An issue was discovered in ClusterLabs crmsh through 4.2.1. | 7.2 |
| 2021-01-12 | CVE-2020-35458 | Code Injection vulnerability in Clusterlabs Hawk 2.2.012/2.3.012 An issue was discovered in ClusterLabs Hawk 2.x through 2.3.0-x. | 10.0 |