CVE-2020-35458

Published: 12/01/2021 Updated: 21/07/2021
CVSS v2 Base Score: 10 | Impact Score: 10 | Exploitability Score: 10
CVSS v3 Base Score: 9.8 | Impact Score: 5.9 | Exploitability Score: 3.9
VMScore: 890
Vector: AV:N/AC:L/Au:N/C:C/I:C/A:C

Vulnerability Summary

An issue exists in ClusterLabs Hawk 2.x up to and including 2.3.0-x. There is a Ruby shell code injection issue via the hawk_remember_me_id parameter in the login_from_cookie cookie. The user logout routine could be used by unauthenticated remote malicious users to execute code as hauser.

Vulnerable Product

clusterlabs hawk 2.3.0-12

clusterlabs hawk 2.2.0-12

Mailing Lists

Hi folks, We have received reports of 2 security issues for hawk and crmsh. These hawk and crmsh projects refer to distros@ for their disclosure work. These issues were reported to SUSE by Vincent Berg of Anvil Ventures. 1. Remote unauthenticated shell injection into the Hawk webserver. Hawk is a High Availability specific webconsole with its ...