CVE-2022-1049

Severity
8.8 HIGH
EPSS
0.3%
top 49.15%
CISA KEV
Not in KEV
Exploit
No known exploits
Timeline
Published: Mar 25
Latest update: Jul 2

Description

A flaw was found in the Pacemaker configuration tool (pcs). The pcs daemon allowed expired accounts, and accounts with expired passwords, to log in when using PAM authentication. Therefore, unprivileged expired accounts that have been denied access could still log in.

CVSS vector

CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H
Exploitability: 2.8 | Impact: 5.9

Affected Packages (3 packages)

Source | Package | Affected versions
Debian | pcs | < 0.10.8-1+deb11u1+3
NVD | clusterlabs/pcs | 0.11.2
CVEListV5 | clusterlabs/pcs | pcs versions <= v0.11.2

Also affects: Debian Linux 10.0, 11.0

🔴 Vulnerability Details (4)

OSV | pcs vulnerabilities | 2025-07-02
GHSA | GHSA-hhh9-rwf2-2pp5: A flaw was found in the Pacemaker configuration tool (pcs) | 2022-03-26
OSV | CVE-2022-1049: A flaw was found in the Pacemaker configuration tool (pcs) | 2022-03-25
CVEList | CVE-2022-1049: A flaw was found in the Pacemaker configuration tool (pcs) | 2022-03-25

📋 Vendor Advisories (3)

Ubuntu | pcs vulnerabilities | 2025-07-02
Red Hat | pcs: improper authentication via PAM | 2022-03-17
Debian | CVE-2022-1049: pcs - A flaw was found in the Pacemaker configuration tool (pcs). The pcs daemon was a... | 2022