Clusterlabs Hawk vulnerabilities
2 known vulnerabilities affecting clusterlabs/hawk.
Total CVEs: 2
CISA KEV: 0
Public exploits: 0
Exploited in wild: 0
Severity breakdown: CRITICAL 1, HIGH 1
Vulnerabilities
CVE-2020-35458 | P2 | CRITICAL | CVSS 9.8 | CWE-78 | v2.2.0-12, v2.3.0-12 | 2021-01-12
An issue was discovered in ClusterLabs Hawk 2.x through 2.3.0-x. There is a Ruby shell code injection issue via the hawk_remember_me_id parameter in the login_from_cookie cookie. The user logout routine could be used by unauthenticated remote attackers to execute code as hauser.
nvd
CVE-2021-3020 | P3 | HIGH | CVSS 8.8 | CWE-269 | ≤ 2.3.0-15 | 2022-08-26
An issue was discovered in ClusterLabs Hawk (aka HA Web Konsole) through 2.3.0-15. It ships the binary hawk_invoke (built from tools/hawk_invoke.c), intended to be used as a setuid program. This allows the hacluster user to invoke certain commands as root (with an attempt to limit this to safe combinations). This user is able to execute an interactive "
nvd