Bug 1974363 (CVE-2010-2496)
Summary: | CVE-2010-2496 cluster-glue: passes the stonith parameters via the commandline which could result in password leaks | ||
---|---|---|---|
Product: | [Other] Security Response | Reporter: | Michael Kaplan <mkaplan> |
Component: | vulnerability | Assignee: | Red Hat Product Security <security-response-team> |
Status: | CLOSED WONTFIX | QA Contact: | |
Severity: | medium | Docs Contact: | |
Priority: | medium | ||
Version: | unspecified | CC: | cfeist, cluster-maint |
Target Milestone: | --- | Keywords: | Security |
Target Release: | --- | ||
Hardware: | All | ||
OS: | Linux | ||
Whiteboard: | |||
Fixed In Version: | cluster-glue 1.0.6 | Doc Type: | If docs needed, set a value |
Doc Text: |
A flaw was found in cluster-glue, where the stonith-ng function in cluster-glue passed passwords as command line parameters. This flaw allows local attackers to gain access to passwords of the HA stack and potentially influence its operations. The highest threat from this vulnerability is to confidentiality, integrity, as well as system availability.
|
Story Points: | --- |
Clone Of: | Environment: | ||
Last Closed: | 2021-06-21 15:04:49 UTC | Type: | --- |
Regression: | --- | Mount Type: | --- |
Documentation: | --- | CRM: | |
Verified Versions: | Category: | --- | |
oVirt Team: | --- | RHEL 7.3 requirements from Atomic Host: | |
Cloudforms Team: | --- | Target Upstream Version: | |
Embargoed: | |||
Bug Depends On: | |||
Bug Blocks: | 1974371 |
Description
Michael Kaplan
2021-06-21 13:22:13 UTC
This bug is now closed. Further updates for individual products will be reflected on the CVE page(s): https://access.redhat.com/security/cve/cve-2010-2496 |