CVE-2020-25654
Publication date 27 October 2020
Last updated 24 July 2024
Ubuntu priority
An ACL bypass flaw was found in pacemaker. An attacker having a local account on the cluster and in the haclient group could use IPC communication with various daemons directly to perform certain tasks that they would be prevented by ACLs from doing if they went through the configuration.
Status
| Package | Ubuntu Release | Status |
|---|---|---|
| pacemaker | ||
| 20.04 LTS focal |
Fixed 2.0.3-3ubuntu4.1
|
|
| 18.04 LTS bionic |
Fixed 1.1.18-0ubuntu1.3
|
|
| 16.04 LTS xenial |
Fixed 1.1.14-2ubuntu1.9
|
|
| 14.04 LTS trusty | Not in release |
Severity score breakdown
| Parameter | Value |
|---|---|
| Base score |
7.2 · High
|
| Attack vector | Network |
| Attack complexity | Low |
| Privileges required | High |
| User interaction | None |
| Scope | Unchanged |
| Confidentiality | High |
| Integrity impact | High |
| Availability impact | High |
| Vector | CVSS:3.1/AV:N/AC:L/PR:H/UI:N/S:U/C:H/I:H/A:H |
References
Related Ubuntu Security Notices (USN)
- USN-4623-1
- Pacemaker vulnerability
- 9 November 2020