发布时间: 2022年9月2日
修改时间: 2024年10月31日
A flaw was found in the Pacemaker configuration tool (pcs). The pcs daemon was allowing expired accounts, and accounts with expired passwords to login when using PAM authentication. Therefore, unprivileged expired accounts that have been denied access could still login.
| NVD | openEuler | |
|---|---|---|
| Confidentiality | High | High |
| Attack Vector | Network | Network |
| CVSS评分 | 8.8 | 8.8 |
| Attack Complexity | Low | Low |
| Privileges Required | Low | Low |
| Scope | Unchanged | Unchanged |
| Integrity | High | High |
| User Interaction | None | None |
| Availability | High | High |
| 公告名 | 概要 | 发布时间 |
|---|---|---|
| KylinSec-SA-2022-2000 | pcs security update | 2022年9月2日 |
| 产品 | 包 | 状态 |
|---|---|---|
| KY3.4-4A | pcs | Fixed |
| KY3.4-5 | pcs | Fixed |
| KY3.5.1 | pcs | Fixed |
