CVE-2020-25654
Published: 2020-11-24
Priority: P3 · 43 · high · 7.2 (CVSS 3.1)
Vector: AV:N/AC:L/PR:H/UI:N/S:U/C:H/I:H/A:H
EPSS: 2.00% (78.3th percentile)
An ACL bypass flaw was found in pacemaker. An attacker having a local account on the cluster and in the haclient group could use IPC communication with various daemons directly to perform certain tasks that they would be prevented by ACLs from doing if they went through the configuration.
Affected
10 ranges
| Vendor | Product | Version range | Fixed in |
|---|---|---|---|
| clusterlabs | pacemaker | < 1.1.23 | 1.1.23 |
| clusterlabs | pacemaker | — | — |
| clusterlabs | pacemaker | — | — |
| clusterlabs | pacemaker | >= 0 < 2.0.5~rc2-1 | 2.0.5~rc2-1 |
| clusterlabs | pacemaker | >= 0 < 2.0.5~rc2-1 | 2.0.5~rc2-1 |
| clusterlabs | pacemaker | >= 0 < 2.0.5~rc2-1 | 2.0.5~rc2-1 |
| clusterlabs | pacemaker | >= 0 < 2.0.5~rc2-1 | 2.0.5~rc2-1 |
| clusterlabs | pacemaker | >= 2.0.0 < 2.0.3 | 2.0.3 |
| debian | debian_linux | — | — |
| debian | pacemaker | < pacemaker 2.0.5~rc2-1 (bookworm) | pacemaker 2.0.5~rc2-1 (bookworm) |
CVSS provenance
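| Source | CVSS version | Score | Severity | Vector |
|---|---|---|---|---|
| nvd | v3.1 | 7.2 | HIGH | CVSS:3.1/AV:N/AC:L/PR:H/UI:N/S:U/C:H/I:H/A:H |
| nvd | v2.0 | 9.0 | CRITICAL | AV:N/AC:L/Au:S/C:C/I:C/A:C |
| osv | — | 7.2 | HIGH | — |
| vendor_debian | — | 7.2 | HIGH | — |
| vendor_redhat | — | 7.2 | HIGH | — |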
GHSA
GHSA-3q2f-h5rm-7qv7: An ACL bypass flaw was found in pacemaker before 1
ghsa_unreviewed·2022-05-24
CVE-2020-25654 [HIGH] CWE-284 GHSA-3q2f-h5rm-7qv7: An ACL bypass flaw was found in pacemaker before 1
An ACL bypass flaw was found in pacemaker before 1.1.24-rc1 and 2.0.5-rc2. An attacker having a local account on the cluster and in the haclient group could use IPC communication with various daemons directly to perform certain tasks that they would be prevented by ACLs from doing if they went through the configuration.
OSV
CVE-2020-25654: An ACL bypass flaw was found in pacemaker
osv·2020-11-24·CVSS 7.2
CVE-2020-25654 [HIGH] CVE-2020-25654: An ACL bypass flaw was found in pacemaker
An ACL bypass flaw was found in pacemaker. An attacker having a local account on the cluster and in the haclient group could use IPC communication with various daemons directly to perform certain tasks that they would be prevented by ACLs from doing if they went through the configuration.
Ubuntu
Pacemaker vulnerability
vendor_ubuntu·2020-11-09
CVE-2020-25654 Pacemaker vulnerability
Title: Pacemaker vulnerability
Summary: Pacemaker could be made to run programs as an administrator.
Ken Gaillot discovered that Pacemaker incorrectly handled IPC
communications permissions. A local attacker could possibly use this issue
to bypass ACL restrictions and execute arbitrary code as root.
Instructions: In general, a standard system update will make all the necessary changes.
Red Hat
pacemaker: ACL restrictions bypass
vendor_redhat·2020-10-27·CVSS 7.2
CVE-2020-25654 [HIGH] CWE-284 pacemaker: ACL restrictions bypass
An ACL bypass flaw was found in pacemaker. An attacker having a local account on the cluster and in the haclient group could use IPC communication with various daemons directly to perform certain tasks that they would be prevented by ACLs from doing if they went through the configuration.
An ACL bypass flaw was found in Pacemaker. This flaw allows an attacker with a local account on the cluster and in the haclient group to use IPC communication with various daemons to directly perform certain tasks that would be prevented if they had gone through configured ACLs. The highest threat from this vulnerability is to confidentiality, integrity, as well as system availability.
Statement: Red Hat Gluster Storage 3 no longer maintains its own version of Pacemak
Debian
CVE-2020-25654: pacemaker - An ACL bypass flaw was found in pacemaker. An attacker having a local account on...
vendor_debian·2020·CVSS 7.2
CVE-2020-25654 [HIGH] CVE-2020-25654: pacemaker - An ACL bypass flaw was found in pacemaker. An attacker having a local account on...
An ACL bypass flaw was found in pacemaker. An attacker having a local account on the cluster and in the haclient group could use IPC communication with various daemons directly to perform certain tasks that they would be prevented by ACLs from doing if they went through the configuration.
Scope: local
bookworm: resolved (fixed in 2.0.5~rc2-1)
bullseye: resolved (fixed in 2.0.5~rc2-1)
forky: resolved (fixed in 2.0.5~rc2-1)
sid: resolved (fixed in 2.0.5~rc2-1)
trixie: resolved (fixed in 2.0.5~rc2-1)
No detection rules found.
No public exploits indexed.
Bugzilla
CVE-2020-25654 pacemaker: ACL restrictions bypass [openstack-rdo]
bugzilla·2020-10-27·CVSS 7.2
CVE-2020-25654 [HIGH] CVE-2020-25654 pacemaker: ACL restrictions bypass [openstack-rdo]
This is an automatically created tracking bug! It was created to ensure
that one or more security vulnerabilities are fixed in affected versions
of openstack-rdo.
For comments that are specific to the vulnerability please use bugs filed
against the "Security Response" product referenced in the "Blocks" field.
For more information see:
http://fedoraproject.org/wiki/Security/TrackingBugs
When submitting as an update, use the fedpkg template provided in the next
comment(s). This will include the bug IDs of this tracking bug as well as
the relevant top-level CVE bugs.
Please also mention the CVE IDs being fixed in the RPM changelog and the
fedpkg commit message.
Discussion:
RDO Consumes pacemaker from CentOS8 HighAvailabi
Bugzilla
CVE-2020-25654 pacemaker: ACL restrictions bypass [fedora-all]
bugzilla·2020-10-27·CVSS 7.2
CVE-2020-25654 [HIGH] CVE-2020-25654 pacemaker: ACL restrictions bypass [fedora-all]
This is an automatically created tracking bug! It was created to ensure
that one or more security vulnerabilities are fixed in affected versions
of fedora-all.
For comments that are specific to the vulnerability please use bugs filed
against the "Security Response" product referenced in the "Blocks" field.
For more information see:
http://fedoraproject.org/wiki/Security/TrackingBugs
When submitting as an update, use the fedpkg template provided in the next
comment(s). This will include the bug IDs of this tracking bug as well as
the relevant top-level CVE bugs.
Please also mention the CVE IDs being fixed in the RPM changelog and the
fedpkg commit message.
NOTE: this issue affects multiple supported versions of Fedora. Whi
Bugzilla
CVE-2020-25654 pacemaker: ACL restrictions bypass
bugzilla·2020-10-14·CVSS 7.2
CVE-2020-25654 [HIGH] CVE-2020-25654 pacemaker: ACL restrictions bypass
An ACL bypass flaw was found in pacemaker. When ACLs are not in use, any user in the haclient group has full access to the configuration, which effectively gives them the ability to run any code as root.
When ACLs are in use, users still must be in the haclient group, but their read and write access to various parts of the configuration is limited by configured ACLs.
The vulnerability is that users may use IPC communication with the various daemons directly to perform certain tasks that they would be prevented by ACLs from doing if they went through the configuration.
Discussion:
Created attachment 1722698
Fix for pacemaker CVE-2020-25654 (upstream master branch as of 2020-10-18)
---
Created attachment 1722699
Fix for pacemaker CVE-2
References
https://bugzilla.redhat.com/show_bug.cgi?id=1888191
https://lists.clusterlabs.org/pipermail/users/2020-October/027840.html
https://lists.debian.org/debian-lts-announce/2021/01/msg00007.html
https://seclists.org/oss-sec/2020/q4/83
https://security.gentoo.org/glsa/202309-09
Published: 2020-11-24