Bug 2066629 (CVE-2022-1049)
| Summary: | CVE-2022-1049 pcs: improper authentication via PAM | ||
|---|---|---|---|
| Product: | [Other] Security Response | Reporter: | TEJ RATHI <trathi> |
| Component: | vulnerability | Assignee: | Red Hat Product Security <security-response-team> |
| Status: | CLOSED ERRATA | QA Contact: | |
| Severity: | medium | Docs Contact: | |
| Priority: | medium | ||
| Version: | unspecified | CC: | anprice, cfeist, cluster-maint, idevat, kmalyjur, mlisik, mpospisi, omular, tojeline |
| Target Milestone: | --- | Keywords: | Security |
| Target Release: | --- | ||
| Hardware: | All | ||
| OS: | Linux | ||
| Whiteboard: | |||
| Fixed In Version: | Doc Type: | If docs needed, set a value | |
| Doc Text: |
A flaw was found in the Pacemaker configuration tool (pcs). The pcs daemon allowed expired accounts and accounts with expired passwords to log in when using PAM authentication. Unprivileged, expired accounts with previously denied access could still log in.
|
Story Points: | --- |
| Clone Of: | Environment: | ||
| Last Closed: | 2022-12-04 18:20:37 UTC | Type: | --- |
| Regression: | --- | Mount Type: | --- |
| Documentation: | --- | CRM: | |
| Verified Versions: | Category: | --- | |
| oVirt Team: | --- | RHEL 7.3 requirements from Atomic Host: | |
| Cloudforms Team: | --- | Target Upstream Version: | |
| Embargoed: | |||
| Bug Depends On: | 2068452, 2068456, 2068457 | ||
| Bug Blocks: | 2063741, 2066708 | ||
|
Description
TEJ RATHI
2022-03-22 08:22:04 UTC
Created pcs tracking bugs for this issue: Affects: fedora-all [bug 2068452] This issue has been addressed in the following products: Red Hat Enterprise Linux 8 Via RHSA-2022:7447 https://access.redhat.com/errata/RHSA-2022:7447 This issue has been addressed in the following products: Red Hat Enterprise Linux 9 Via RHSA-2022:7935 https://access.redhat.com/errata/RHSA-2022:7935 This bug is now closed. Further updates for individual products will be reflected on the CVE page(s): https://access.redhat.com/security/cve/cve-2022-1049 |