CVE-2020-25654

An ACL bypass flaw was found in pacemaker. An attacker having a local account on the cluster and in the haclient group could use IPC communication with various daemons directly to perform certain tasks that they would be prevented by ACLs from doing if they went through the configuration.
ProviderTypeBase ScoreAtk. VectorAtk. ComplexityPriv. RequiredVector
NISTPrimary
7.2 HIGH
NETWORK
LOW
HIGH
CVSS:3.1/AV:N/AC:L/PR:H/UI:N/S:U/C:H/I:H/A:H
Base Score
CVSS 3.x
EPSS Score
Percentile: 78%
Affected Products (NVD)
VendorProductVersion
clusterlabspacemaker
𝑥
< 1.1.23
clusterlabspacemaker
2.0.0 ≤
𝑥
< 2.0.3
clusterlabspacemaker
2.0.5:rc1
debiandebian_linux
9.0
𝑥
= Vulnerable software versions
Debian logo
Debian Releases
Debian Product
Codename
pacemaker
bookworm
2.1.5-1+deb12u1
fixed
bullseye
2.0.5-2
fixed
sid
2.1.8-1
fixed
trixie
2.1.8-1
fixed
Ubuntu logo
Ubuntu Releases
Ubuntu Product
Codename
pacemaker
bionic
Fixed 1.1.18-0ubuntu1.3
released
focal
Fixed 2.0.3-3ubuntu4.1
released
groovy
Fixed 2.0.4-2ubuntu3.1
released
trusty
dne
xenial
Fixed 1.1.14-2ubuntu1.9
released
Red Hat logo
Red Hat Enterprise Linux Releases
Red Hat Product
Release
pacemaker
RHEL 7
0:1.1.23-1.el7_9.1
fixed
RHEL 8
0:2.0.4-6.el8_3.1
fixed
RHEL 8.2 AUS
0:2.0.3-5.el8_2.3
fixed
RHEL 8.2 E4S
0:2.0.3-5.el8_2.3
fixed
RHEL 8.2 EUS
0:2.0.3-5.el8_2.3
fixed
RHEL 8.2 TUS
0:2.0.3-5.el8_2.3
fixed
pacemaker-cli
RHEL 7
0:1.1.23-1.el7_9.1
fixed
RHEL 8
0:2.0.4-6.el8_3.1
fixed
RHEL 8.2 AUS
0:2.0.3-5.el8_2.3
fixed
RHEL 8.2 E4S
0:2.0.3-5.el8_2.3
fixed
RHEL 8.2 EUS
0:2.0.3-5.el8_2.3
fixed
RHEL 8.2 TUS
0:2.0.3-5.el8_2.3
fixed
pacemaker-cluster-libs
RHEL 7
0:1.1.23-1.el7_9.1
fixed
RHEL 8
0:2.0.4-6.el8_3.1
fixed
RHEL 8.2 AUS
0:2.0.3-5.el8_2.3
fixed
RHEL 8.2 E4S
0:2.0.3-5.el8_2.3
fixed
RHEL 8.2 EUS
0:2.0.3-5.el8_2.3
fixed
RHEL 8.2 TUS
0:2.0.3-5.el8_2.3
fixed
pacemaker-cts
RHEL 7
0:1.1.23-1.el7_9.1
fixed
RHEL 8
0:2.0.4-6.el8_3.1
fixed
RHEL 8.2 AUS
0:2.0.3-5.el8_2.3
fixed
RHEL 8.2 E4S
0:2.0.3-5.el8_2.3
fixed
RHEL 8.2 EUS
0:2.0.3-5.el8_2.3
fixed
RHEL 8.2 TUS
0:2.0.3-5.el8_2.3
fixed
pacemaker-doc
RHEL 7
0:1.1.23-1.el7_9.1
fixed
RHEL 8
0:2.0.4-6.el8_3.1
fixed
RHEL 8.2 AUS
0:2.0.3-5.el8_2.3
fixed
RHEL 8.2 E4S
0:2.0.3-5.el8_2.3
fixed
RHEL 8.2 EUS
0:2.0.3-5.el8_2.3
fixed
RHEL 8.2 TUS
0:2.0.3-5.el8_2.3
fixed
pacemaker-libs
RHEL 7
0:1.1.23-1.el7_9.1
fixed
RHEL 8
0:2.0.4-6.el8_3.1
fixed
RHEL 8.2 AUS
0:2.0.3-5.el8_2.3
fixed
RHEL 8.2 E4S
0:2.0.3-5.el8_2.3
fixed
RHEL 8.2 EUS
0:2.0.3-5.el8_2.3
fixed
RHEL 8.2 TUS
0:2.0.3-5.el8_2.3
fixed
pacemaker-libs-devel
RHEL 7
0:1.1.23-1.el7_9.1
fixed
RHEL 8
0:2.0.4-6.el8_3.1
fixed
RHEL 8.2 AUS
0:2.0.3-5.el8_2.3
fixed
RHEL 8.2 E4S
0:2.0.3-5.el8_2.3
fixed
RHEL 8.2 EUS
0:2.0.3-5.el8_2.3
fixed
RHEL 8.2 TUS
0:2.0.3-5.el8_2.3
fixed
pacemaker-nagios-plugins-metadata
RHEL 7
0:1.1.23-1.el7_9.1
fixed
RHEL 8
0:2.0.4-6.el8_3.1
fixed
RHEL 8.2 AUS
0:2.0.3-5.el8_2.3
fixed
RHEL 8.2 E4S
0:2.0.3-5.el8_2.3
fixed
RHEL 8.2 EUS
0:2.0.3-5.el8_2.3
fixed
RHEL 8.2 TUS
0:2.0.3-5.el8_2.3
fixed
pacemaker-remote
RHEL 7
0:1.1.23-1.el7_9.1
fixed
RHEL 8
0:2.0.4-6.el8_3.1
fixed
RHEL 8.2 AUS
0:2.0.3-5.el8_2.3
fixed
RHEL 8.2 E4S
0:2.0.3-5.el8_2.3
fixed
RHEL 8.2 EUS
0:2.0.3-5.el8_2.3
fixed
RHEL 8.2 TUS
0:2.0.3-5.el8_2.3
fixed
pacemaker-schemas
RHEL 8
0:2.0.4-6.el8_3.1
fixed
RHEL 8.2 AUS
0:2.0.3-5.el8_2.3
fixed
RHEL 8.2 E4S
0:2.0.3-5.el8_2.3
fixed
RHEL 8.2 EUS
0:2.0.3-5.el8_2.3
fixed
RHEL 8.2 TUS
0:2.0.3-5.el8_2.3
fixed
Amazon Linux logo
Amazon Linux Releases
Amazon Package
Release
pacemaker
Amazon Linux 2
0:1.1.23-1.amzn2.1
fixed
pacemaker-cli
Amazon Linux 2
0:1.1.23-1.amzn2.1
fixed
pacemaker-cluster-libs
Amazon Linux 2
0:1.1.23-1.amzn2.1
fixed
pacemaker-cts
Amazon Linux 2
0:1.1.23-1.amzn2.1
fixed
pacemaker-debuginfo
Amazon Linux 2
0:1.1.23-1.amzn2.1
fixed
pacemaker-doc
Amazon Linux 2
0:1.1.23-1.amzn2.1
fixed
pacemaker-libs
Amazon Linux 2
0:1.1.23-1.amzn2.1
fixed
pacemaker-libs-devel
Amazon Linux 2
0:1.1.23-1.amzn2.1
fixed
pacemaker-nagios-plugins-metadata
Amazon Linux 2
0:1.1.23-1.amzn2.1
fixed
pacemaker-remote
Amazon Linux 2
0:1.1.23-1.amzn2.1
fixed