CVE-2022-1049

Advisory lineage Upstream: 0 Downstream: 7

Downstream

DEBIAN-CVE-2022-1049 DLA-3108-1 DSA-5226-1 RHSA-2022:7447 RHSA-2022:7935 UBUNTU-CVE-2022-1049

Modified

Published: 25 Mar 2022, 18:03

Last modified:02 Aug 2024, 23:47

Vulnerability Summary

Overall Risk (default)

medium

45/100

CVSS Score

8.8 HIGH

v3.1 (nvd)

EPSS Score

0.27% LOW

0% probability -0.01%

KEV

Not listed

Ransomware

No reports

Public exploits

1 found

Dark Web

Not detected

Timeline

25 Mar 2022, 18:03

Published

Vulnerability first disclosed

02 Aug 2024, 23:47

Last Modified

Vulnerability information updated

Description

A flaw was found in the Pacemaker configuration tool (pcs). The pcs daemon was allowing expired accounts, and accounts with expired passwords to login when using PAM authentication. Therefore, unprivileged expired accounts that have been denied access could still login.

CVSS Metrics

v3.1•HIGH•Score: 8.8CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H
v2.0•MEDIUM•Score: 6.5AV:N/AC:L/Au:S/C:P/I:P/A:P

EPSS Trends

Current EPSS score: 0.27%• Percentile: 51%

Techniques & Countermeasures

CWE-287•Improper Authentication
When an actor claims to have a given identity, the product does not prove or insufficiently proves that the claim is correct.

Affected Systems

clusterlabs•pcs
≤ 0.11.2
debian•debian_linux
10.0 | 11.0