Vulnerabilities > Clusterlabs > High
| DATE | CVE | VULNERABILITY TITLE | RISK |
|---|---|---|---|
| 2022-09-06 | CVE-2022-2735 | Incorrect Default Permissions vulnerability in multiple products A vulnerability was found in the PCS project. | 7.8 |
| 2022-08-26 | CVE-2021-3020 | Improper Privilege Management vulnerability in Clusterlabs Hawk An issue was discovered in ClusterLabs Hawk (aka HA Web Konsole) through 2.3.0-15. | 8.8 |
| 2022-03-25 | CVE-2022-1049 | Improper Authentication vulnerability in multiple products A flaw was found in the Pacemaker configuration tool (pcs). | 8.8 |
| 2021-01-12 | CVE-2020-35459 | Improper Privilege Management vulnerability in multiple products An issue was discovered in ClusterLabs crmsh through 4.2.1. | 7.2 |
| 2020-11-24 | CVE-2020-25654 | An ACL bypass flaw was found in pacemaker. | 7.2 |
| 2019-04-18 | CVE-2019-3885 | Use After Free vulnerability in multiple products A use-after-free flaw was found in pacemaker up to and including version 2.0.1 which could result in certain sensitive information to be leaked via the system logs. | 7.5 |
| 2019-04-18 | CVE-2018-16877 | A flaw was found in the way pacemaker's client-server authentication was implemented in versions up to and including 2.0.0. | 7.8 |
| 2018-09-10 | CVE-2016-7035 | Improper Authorization vulnerability in multiple products An authorization flaw was found in Pacemaker before 1.1.16, where it did not properly guard its IPC interface. | 7.8 |
| 2017-04-21 | CVE-2016-0721 | Session Fixation vulnerability in multiple products Session fixation vulnerability in pcsd in pcs before 0.9.157. | 8.1 |
| 2017-04-21 | CVE-2016-0720 | Cross-Site Request Forgery (CSRF) vulnerability in multiple products Cross-site request forgery (CSRF) vulnerability in pcsd web UI in pcs before 0.9.149. | 8.8 |