发布时间: 2022年9月9日
修改时间: 2024年10月31日
An ACL bypass flaw was found in pacemaker. An attacker having a local account on the cluster and in the haclient group could use IPC communication with various daemons directly to perform certain tasks that they would be prevented by ACLs from doing if they went through the configuration.
| NVD | openEuler | |
|---|---|---|
| Confidentiality | High | High |
| Attack Vector | Network | Network |
| CVSS评分 | 7.2 | 7.2 |
| Attack Complexity | Low | Low |
| Privileges Required | High | High |
| Scope | Unchanged | Unchanged |
| Integrity | High | High |
| User Interaction | None | None |
| Availability | High | High |
| 公告名 | 概要 | 发布时间 |
|---|---|---|
| KylinSec-SA-2022-2017 | pacemaker security update | 2022年9月9日 |
| KylinSec-SA-2022-2024 | pacemaker security update | 2022年9月9日 |
| 产品 | 包 | 状态 |
|---|---|---|
| KY3.4-4A | pacemaker | Fixed |
| KY3.4-5 | pacemaker | Fixed |
