Pacemaker Clusterlabs Pacemaker

By the Year

In 2024 there have been 0 vulnerabilities in Clusterlabs Pacemaker. Pacemaker did not have any published security vulnerabilities last year.

Year    Vulnerabilities    Average Score
2024    0                  0.00
2023    0                  0.00
2022    0                  0.00
2021    1                  5.50
2020    1                  7.20
2019    3                  6.93
2018    0                  0.00

It may take a day or so for new Pacemaker vulnerabilities to show up in the stats or in the list of recent security vulnerabilities. Additionally, vulnerabilities may be tagged under a different product or component name.

Recent Clusterlabs Pacemaker Security Vulnerabilities

stonith-ng in pacemaker and cluster-glue passed passwords as commandline parameters

CVE-2010-2496 5.5 - Medium - October 18, 2021

stonith-ng in pacemaker and cluster-glue passed passwords as commandline parameters, making it possible for local attackers to gain access to passwords of the HA stack and potentially influence its operations. This is fixed in cluster-glue 1.0.6 and newer, and pacemaker 1.1.3 and newer.

Authentication

An ACL bypass flaw was found in pacemaker

CVE-2020-25654 7.2 - High - November 24, 2020

An ACL bypass flaw was found in pacemaker. An attacker having a local account on the cluster and in the haclient group could use IPC communication with various daemons directly to perform certain tasks that they would be prevented by ACLs from doing if they went through the configuration.

A use-after-free flaw was found in pacemaker up to and including version 2.0.1 which could result in certain sensitive information to be leaked

CVE-2019-3885 7.5 - High - April 18, 2019

A use-after-free flaw was found in pacemaker up to and including version 2.0.1 which could result in certain sensitive information to be leaked via the system logs.

Dangling pointer

A flaw was found in the way pacemaker's client-server authentication was implemented in versions up to and including 2.0.0

CVE-2018-16877 7.8 - High - April 18, 2019

A flaw was found in the way pacemaker's client-server authentication was implemented in versions up to and including 2.0.0. A local attacker could use this flaw, and combine it with other IPC weaknesses, to achieve local privilege escalation.

A flaw was found in pacemaker up to and including version 2.0.1

CVE-2018-16878 5.5 - Medium - April 18, 2019

A flaw was found in pacemaker up to and including version 2.0.1. An insufficient verification inflicted preference of uncontrolled processes can lead to DoS.

Resource Exhaustion

Pacemaker before 1.1.13 does not properly evaluate added nodes, which

CVE-2015-1867 - August 12, 2015

Pacemaker before 1.1.13 does not properly evaluate added nodes, which allows remote read-only users to gain privileges via an acl command.

Permissions, Privileges, and Access Controls
