Launchpad.net

Launchpad Home
Code
Bugs
Blueprints
Translations
Answers

CVE 2022-1049

A flaw was found in the Pacemaker configuration tool (pcs). The pcs daemon was allowing expired accounts, and accounts with expired passwords to login when using PAM authentication. Therefore, unprivileged expired accounts that have been denied access could still login.

Related bugs and status

CVE-2022-1049 (Candidate) is related to these bugs:

Bug #1953341: [MIR] make pcs the default management tool for Corosync/Pacemaker clusters

Summary				In	Importance	Status
	1953341	[MIR] make pcs the default management tool for Corosync/Pacemaker clusters		pcs (Ubuntu)	Undecided	Fix Released

See the

CVE page on Mitre.org for more details.

References

MISC: https://huntr.dev/boun...
MISC: https://www.debian.org...
MISC: https://lists.debian.o...