An issue exists in ClusterLabs crmsh up to and including 4.2.1. Local attackers able to call "crm history" (when "crm" is run) were able to execute commands via shell code injection into the "crm history" command line, potentially allowing escalation of privileges.
Vulnerable Product |
---|
clusterlabs crmsh |
debian debian linux 9.0 |