CVE-2022-1049
published 2022-03-25

Priority P357, high, 8.8 (CVSS 3.1)
AV:N / AC:L / PR:L / UI:N / S:U / C:H / I:H / A:H
EPSS: 1.82% (76.1th percentile)

A flaw was found in the Pacemaker configuration tool (pcs). The pcs daemon was allowing expired accounts and accounts with expired passwords to log in when using PAM authentication. Therefore, unprivileged expired accounts that have been denied access could still log in.

Affected

12 ranges

| Vendor | Product | Version range | Fixed in |
|---|---|---|---|
| clusterlabs | pcs | <= 0.11.2 | |
| clusterlabs | pcs | | |
| clusterlabs | pcs | >= 0 < 0.10.8-1+deb11u1 | 0.10.8-1+deb11u1 |
| clusterlabs | pcs | >= 0 < 0.11.3-1 | 0.11.3-1 |
| clusterlabs | pcs | >= 0 < 0.11.3-1 | 0.11.3-1 |
| clusterlabs | pcs | >= 0 < 0.11.3-1 | 0.11.3-1 |
| clusterlabs | pcs | >= 0 < 0.9.149-1ubuntu1.1+esm1 | 0.9.149-1ubuntu1.1+esm1 |
| clusterlabs | pcs | >= 0 < 0.10.4-3ubuntu0.1~esm1 | 0.10.4-3ubuntu0.1~esm1 |
| clusterlabs | pcs | >= 0 < 0.10.11-2ubuntu3+esm1 | 0.10.11-2ubuntu3+esm1 |
| debian | debian_linux | | |
| debian | debian_linux | | |
| debian | pcs | < pcs 0.11.3-1 (bookworm) | pcs 0.11.3-1 (bookworm) |

CVSS provenance

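| Source | Version | Score | Severity | Vector |
|---|---|---|---|---|
| nvd | v3.1 | 8.8 | HIGH | CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H |
| nvd | v2.0 | 6.5 | MEDIUM | AV:N/AC:L/Au:S/C:P/I:P/A:P |
| osv | | 8.8 | HIGH | |
| vendor_debian | | 8.8 | HIGH | |
| vendor_redhat | | 8.8 | HIGH | |
| vendor_ubuntu | | 6.1 | MEDIUM | |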