cbcvebase.
CVE-2020-25654
published 2020-11-24

CVE-2020-25654: An ACL bypass flaw was found in pacemaker. An attacker having a local account on the cluster and in the haclient group could use IPC communication with various…

PriorityP343high7.2CVSS 3.1
AVNACLPRHUINSUCHIHAH
EPSS
2.00%
78.3th percentile
An ACL bypass flaw was found in pacemaker. An attacker having a local account on the cluster and in the haclient group could use IPC communication with various daemons directly to perform certain tasks that they would be prevented by ACLs from doing if they went through the configuration.

Affected

10 ranges
VendorProductVersion rangeFixed in
clusterlabspacemaker< 1.1.231.1.23
clusterlabspacemaker
clusterlabspacemaker
clusterlabspacemaker>= 0 < 2.0.5~rc2-12.0.5~rc2-1
clusterlabspacemaker>= 0 < 2.0.5~rc2-12.0.5~rc2-1
clusterlabspacemaker>= 0 < 2.0.5~rc2-12.0.5~rc2-1
clusterlabspacemaker>= 0 < 2.0.5~rc2-12.0.5~rc2-1
clusterlabspacemaker>= 2.0.0 < 2.0.32.0.3
debiandebian_linux
debianpacemaker< pacemaker 2.0.5~rc2-1 (bookworm)pacemaker 2.0.5~rc2-1 (bookworm)

CVSS provenance

nvdv3.17.2HIGHCVSS:3.1/AV:N/AC:L/PR:H/UI:N/S:U/C:H/I:H/A:H
nvdv2.09.0CRITICALAV:N/AC:L/Au:S/C:C/I:C/A:C
osv7.2HIGH
vendor_debian7.2HIGH
vendor_redhat7.2HIGH
Stop checking back — get the weekly exploitation signal.

Every Monday: what got weaponized or added to CISA KEV in the last seven days — each CVE cross-linked to its PoC, Nuclei template, and detection rule. Free, one email a week, unsubscribe in one click.