fence-agents 代码注入漏洞

fence-agents is an open source agent program from ClusterLabs that supports remote power management of clustered devices. A code injection vulnerability exists in fence-agents that stems from allowing remote code execution, which in turn leads to elevation of privilege...

The vulnerability of the gcry_md_get_algo_dlen() function in ClusterLabs Booth’s high-availability cluster management and monitoring software allows a attacker to perform an invalid HMAC.

The vulnerability of the gcrymdgetalgodlen function in ClusterLabs Booth’s high-availability cluster management and monitoring software is related to insufficient verification of data authenticity. Exploiting this vulnerability could allow an attacker operating remotely to generate invalid HMACs...

booth Data forgery vulnerability

booth is an open source ticket manager from ClusterLabs. Booth suffers from a Data Forgery Issue vulnerability that stems from the fact that a specially crafted hash, if passed to gcrymdgetalgodlen, could allow the Booth server to accept an invalid HMAC...

DEBIAN-CVE-2020-35459

An issue was discovered in ClusterLabs crmsh through 4.2.1. Local attackers able to call "crm history" when "crm" is run were able to execute commands via shell code injection to the crm history commandline, potentially allowing escalation of privileges...

UBUNTU-CVE-2020-35459

An issue was discovered in ClusterLabs crmsh through 4.2.1. Local attackers able to call "crm history" when "crm" is run were able to execute commands via shell code injection to the crm history commandline, potentially allowing escalation of privileges...

UBUNTU-CVE-2017-2661

ClusterLabs pcs before version 0.9.157 is vulnerable to a cross-site scripting vulnerability due to improper validation of Node name field when creating new cluster or adding existing cluster...