CVE-2022-1049
published 2022-03-25
CVE-2022-1049: A flaw was found in the Pacemaker configuration tool (pcs). The pcs daemon was allowing expired accounts, and accounts with expired passwords to login when…
Priority P3 · 57 · high · 8.8 · CVSS 3.1
AV:N/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H
EPSS
1.82%
76.1th percentile
A flaw was found in the Pacemaker configuration tool (pcs). The pcs daemon was allowing expired accounts, and accounts with expired passwords to login when using PAM authentication. Therefore, unprivileged expired accounts that have been denied access could still login.
Affected
12 ranges
| Vendor | Product | Version range | Fixed in |
|---|---|---|---|
| clusterlabs | pcs | <= 0.11.2 | — |
| clusterlabs | pcs | — | — |
| clusterlabs | pcs | >= 0 < 0.10.8-1+deb11u1 | 0.10.8-1+deb11u1 |
| clusterlabs | pcs | >= 0 < 0.11.3-1 | 0.11.3-1 |
| clusterlabs | pcs | >= 0 < 0.11.3-1 | 0.11.3-1 |
| clusterlabs | pcs | >= 0 < 0.11.3-1 | 0.11.3-1 |
| clusterlabs | pcs | >= 0 < 0.9.149-1ubuntu1.1+esm1 | 0.9.149-1ubuntu1.1+esm1 |
| clusterlabs | pcs | >= 0 < 0.10.4-3ubuntu0.1~esm1 | 0.10.4-3ubuntu0.1~esm1 |
| clusterlabs | pcs | >= 0 < 0.10.11-2ubuntu3+esm1 | 0.10.11-2ubuntu3+esm1 |
| debian | debian_linux | — | — |
| debian | debian_linux | — | — |
| debian | pcs | < pcs 0.11.3-1 (bookworm) | pcs 0.11.3-1 (bookworm) |
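CVSS provenance
| Source | CVSS version | Score | Severity | Vector |
|---|---|---|---|---|
| nvd | v3.1 | 8.8 | HIGH | CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H |
| nvd | v2.0 | 6.5 | MEDIUM | AV:N/AC:L/Au:S/C:P/I:P/A:P |
| osv | — | 8.8 | HIGH | — |
| vendor_debian | — | 8.8 | HIGH | — |
| vendor_redhat | — | 8.8 | HIGH | — |
| vendor_ubuntu | — | 6.1 | MEDIUM | — |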
Ubuntu
pcs vulnerabilities
vendor_ubuntu·2025-07-02·CVSS 6.1
CVE-2022-2735 [MEDIUM] pcs vulnerabilities
Title: pcs vulnerabilities
Summary: Several security issues were fixed in pcs.
Cedric Buissart discovered that pcs did not correctly handle certain
parameters. An attacker could possibly use this issue to leak sensitive
information or elevate their privileges. This issue only affected
Ubuntu 16.04 LTS. (CVE-2018-1086)
Ondrej Mular discovered that pcs did not correctly handle Unix socket
permissions. An attacker could possibly use this issue to elevate their
privileges. This issue only affected Ubuntu 22.04 LTS. (CVE-2022-2735)
It was discovered that pcs did not correctly handle PAM authentication.
An attacker could possibly use this issue to bypass authentication
mechanisms. This issue only affected Ubuntu 20.04 LTS and
Ubuntu 22.04 LTS. (CVE-2022-1049)
It was discovered that pcs did
Red Hat
pcs: improper authentication via PAM
vendor_redhat·2022-03-17·CVSS 8.8
CVE-2022-1049 [HIGH] CWE-287 pcs: improper authentication via PAM
pcs: improper authentication via PAM
A flaw was found in the Pacemaker configuration tool (pcs). The pcs daemon was allowing expired accounts, and accounts with expired passwords to login when using PAM authentication. Therefore, unprivileged expired accounts that have been denied access could still login.
A flaw was found in the Pacemaker configuration tool (pcs). The pcs daemon allowed expired accounts and accounts with expired passwords to log in when using PAM authentication. Unprivileged, expired accounts with previously denied access could still log in.
Statement: This flaw has been rated as having a security impact of Moderate.
Package: pcs (Red Hat Enterprise Linux 7) - Out of support scope
Debian
CVE-2022-1049: pcs - A flaw was found in the Pacemaker configuration tool (pcs). The pcs daemon was a...
vendor_debian·2022·CVSS 8.8
CVE-2022-1049 [HIGH] CVE-2022-1049: pcs - A flaw was found in the Pacemaker configuration tool (pcs). The pcs daemon was a...
A flaw was found in the Pacemaker configuration tool (pcs). The pcs daemon was allowing expired accounts, and accounts with expired passwords to login when using PAM authentication. Therefore, unprivileged expired accounts that have been denied access could still login.
Scope: local
bookworm: resolved (fixed in 0.11.3-1)
bullseye: resolved (fixed in 0.10.8-1+deb11u1)
forky: resolved (fixed in 0.11.3-1)
sid: resolved (fixed in 0.11.3-1)
trixie: resolved (fixed in 0.11.3-1)
OSV
pcs vulnerabilities
osv·2025-07-02·CVSS 6.1
CVE-2018-1086 [MEDIUM] pcs vulnerabilities
pcs vulnerabilities
Cedric Buissart discovered that pcs did not correctly handle certain
parameters. An attacker could possibly use this issue to leak sensitive
information or elevate their privileges. This issue only affected
Ubuntu 16.04 LTS. (CVE-2018-1086)
Ondrej Mular discovered that pcs did not correctly handle Unix socket
permissions. An attacker could possibly use this issue to elevate their
privileges. This issue only affected Ubuntu 22.04 LTS. (CVE-2022-2735)
It was discovered that pcs did not correctly handle PAM authentication.
An attacker could possibly use this issue to bypass authentication
mechanisms. This issue only affected Ubuntu 20.04 LTS and
Ubuntu 22.04 LTS. (CVE-2022-1049)
It was discovered that pcs did not correctly handle the validation of
Node names. An attack
GHSA
GHSA-hhh9-rwf2-2pp5: A flaw was found in the Pacemaker configuration tool (pcs)
ghsa_unreviewed·2022-03-26
CVE-2022-1049 [HIGH] CWE-287 GHSA-hhh9-rwf2-2pp5: A flaw was found in the Pacemaker configuration tool (pcs)
A flaw was found in the Pacemaker configuration tool (pcs). The pcs daemon was allowing expired accounts, and accounts with expired passwords to login when using PAM authentication. Therefore, unprivileged expired accounts that have been denied access could still login.
OSV
CVE-2022-1049: A flaw was found in the Pacemaker configuration tool (pcs)
osv·2022-03-25·CVSS 8.8
CVE-2022-1049 [HIGH] CVE-2022-1049: A flaw was found in the Pacemaker configuration tool (pcs)
A flaw was found in the Pacemaker configuration tool (pcs). The pcs daemon was allowing expired accounts, and accounts with expired passwords to login when using PAM authentication. Therefore, unprivileged expired accounts that have been denied access could still login.
https://huntr.dev/bounties/7aa921fc-a568-4fd8-96f4-7cd826246aa5
https://lists.debian.org/debian-lts-announce/2022/09/msg00017.html
https://www.debian.org/security/2022/dsa-5226
Published: 2022-03-25