CVE-2018-16877
Severity
7.8 HIGH
EPSS
0.0%
top 88.07%
CISA KEV
Not in KEV
Exploit
No known exploits
Affected products
Timeline
Published: Apr 18
Latest update: May 24
Description
A flaw was found in the way pacemaker's client-server authentication was implemented in versions up to and including 2.0.0. A local attacker could use this flaw, and combine it with other IPC weaknesses, to achieve local privilege escalation.
CVSS vector
CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H
Exploitability: 1.8 | Impact: 5.9
Affected Packages: 5 packages
Also affects: Debian Linux 9.0, Fedora 28, 29, 30, Ubuntu Linux 16.04, 18.04, 18.10, 19.04, Enterprise Linux 8.0, 8.1, 8.2, 8.4, 8.6
Patches
🔴 Vulnerability Details (4)
GHSA
GHSA-5jf9-5f49-xqr5: A flaw was found in the way pacemaker's client-server authentication was implemented in versions up to and including 2 (2022-05-24)
OSV
CVE-2018-16877: A flaw was found in the way pacemaker's client-server authentication was implemented in versions up to and including 2 (2019-04-18)
CVEList
CVE-2018-16877: A flaw was found in the way pacemaker's client-server authentication was implemented in versions up to and including 2 (2019-04-18)
📋 Vendor Advisories (3)
💬 Community (5)
Bugzilla
CVE-2018-16877 pacemaker: Insufficient local IPC client-server authentication on the client's side can lead to local privesc [openstack-rdo] (2019-05-04)
Bugzilla
CVE-2018-16878 pacemaker: Insufficient verification inflicted preference of uncontrolled processes can lead to DoS (2018-12-10)
Bugzilla
CVE-2018-16877 pacemaker: Insufficient local IPC client-server authentication on the client's side can lead to local privesc (2018-11-22)