CVE-2019-15522 — Csync2 vulnerability

7 documents5 sources

Severity

9.8CRITICALNVD

EPSS

0.5%

top 33.09%

CISA KEV

Not in KEV

Exploit

No known exploits

Affected products

Linbit Csync2 Debian Csync2

Timeline

PublishedMar 20

Latest updateMay 24

Description

An issue was discovered in LINBIT csync2 through 2.0. csync_daemon_session in daemon.c neglects to force a failure of a hello command when the configuration requires use of SSL.

CVSS vector

CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:HExploitability: 3.9 | Impact: 5.9

Affected Packages3 packages

▶Debianlinbit/csync2< 2.0-25-gc0faaf9-1+3

▶NVDlinbit/csync22.0

▶debiandebian/csync2< csync2 2.0-25-gc0faaf9-1 (bookworm)

Patches

Patch: github.com ↗Patch: github.com ↗

🔴Vulnerability Details

GHSA

GHSA-384j-hgrr-qp35: An issue was discovered in LINBIT csync2 through 2↗2022-05-24

▶

OSV

CVE-2019-15522: An issue was discovered in LINBIT csync2 through 2↗2020-03-20

▶

📋Vendor Advisories

Debian

CVE-2019-15522: csync2 - An issue was discovered in LINBIT csync2 through 2.0. csync_daemon_session in da...↗2019

▶

💬Community

Bugzilla

CVE-2019-15522 csync2: csync_daemon_session in daemon.c neglects to force a failure of a hello command when the configuration requires use of SSL [epel-6]↗2020-04-29

▶

Bugzilla

CVE-2019-15522 csync2: csync_daemon_session in daemon.c neglects to force a failure of a hello command when the configuration requires use of SSL↗2020-04-29

▶

Bugzilla

CVE-2019-15522 csync2: csync_daemon_session in daemon.c neglects to force a failure of a hello command when the configuration requires use of SSL [fedora-all]↗2020-04-29

▶