2 matches found
CVE-2020-35458
CVE-2020-35458 affects ClusterLabs Hawk 2.x up to 2.3.0-x. The flaw is a Ruby shell code injection via the hawk_remember_me_id parameter in the login_from_cookie cookie. This allows unauthenticated remote attackers to execute code as user hauser, leveraging the user logout routine. Red Hat and SU...
CVE-2021-3020
CVE-2021-3020 (ClusterLabs Hawk / HA Web Konsole) describes a privilege-escalation in Hawk up to version 2.3.0-15 where the setuid binary hawk_invoke can be used by hacluster to run commands as root, potentially spawning an interactive shell outside the allowed set. This leads to root elevation i...