2 matches found
CVE-2023-27486 Insufficient authorization validation between zones when xCAT zones are enabled
xCAT is a toolkit for deployment and administration of computer clusters. In versions prior to 2.16.5 if zones are configured as a mechanism to secure clusters in XCAT, it is possible for a local root user from one node to obtain credentials to SSH to any node in any zone, except the management...
CVE-2023-27486
CVE-2023-27486 affects xCAT prior to 2.16.5. When zones are enabled for cluster security, a local root user on a node can obtain credentials to SSH to any node across zones (excluding the default-zone management node). The issue is resolved in xCAT 2.16.5. If upgrading is not possible, mitigation...