CVE-2020-35459
Description
An issue was discovered in ClusterLabs crmsh through 4.2.1. Local attackers able to call crm history (when crm is run) were able to execute commands via shell code injection to the crm history commandline, potentially allowing escalation of privileges.
Risk Information
Base Score
7.8
MODERATE
Vector
CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H
EPSS Score
Exploitation Probability
0.045
Associated Vulnerability
| Vulnerability | OS Platform |
|---|---|
| Vulnerabilities CVE-2020-35459 are affected in Python-crmsh 2.2.1 | Windows |
| CRM shell for the pacemaker cluster manager (USN-6711-1) crmsh_4.2.0-2ubuntu1.1_all.deb | Linux |
| Vulnerabilities CVE-2020-35459 are affected in Python-crmsh for linux 2.2.1 | Linux |
Patch Details
No records foundReferences
https://nvd.nist.gov/vuln/detail/CVE-2023-1234
https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2023-1234