An issue exists in ClusterLabs Hawk 2.x up to and including 2.3.0-x. There is a Ruby shell code injection issue via the hawk_remember_me_id parameter in the login_from_cookie cookie. The user logout routine could be used by unauthenticated remote malicious users to execute code as hauser.
Vulnerable Product | Search on Vulmon | Subscribe to Product |
---|---|---|
clusterlabs hawk 2.2.0-12 |
||
clusterlabs hawk 2.3.0-12 |