An ACL bypass flaw was found in pacemaker before 1.1.24...
High severity
Unreviewed
Published
May 24, 2022
to the GitHub Advisory Database
•
Updated Sep 29, 2023
Description
Published by the National Vulnerability Database
Nov 24, 2020
Published to the GitHub Advisory Database
May 24, 2022
Last updated
Sep 29, 2023
An ACL bypass flaw was found in pacemaker before 1.1.24-rc1 and 2.0.5-rc2. An attacker having a local account on the cluster and in the haclient group could use IPC communication with various daemons directly to perform certain tasks that they would be prevented by ACLs from doing if they went through the configuration.
References