Bug 27832

Summary: [Update Request] pacemaker CVE-2020-25654
Product: Mageia Reporter: Zombie Ryushu <zombie_ryushu>
Component: SecurityAssignee: Mageia Bug Squad <bugsquad>
Status: RESOLVED DUPLICATE QA Contact: Sec team <security>
Severity: normal    
Priority: Normal    
Version: 7   
Target Milestone: ---   
Hardware: All   
OS: Linux   
URL: https://nvd.nist.gov/vuln/detail/CVE-2020-25654
Whiteboard:
Source RPM: pacemaker-1.1.19-2.2.mga7.src CVE:
Status comment:

Description Zombie Ryushu 2020-12-15 16:59:07 CET
An ACL bypass flaw was found in pacemaker. An attacker having a local account on the cluster and in the haclient group could use IPC communication with various daemons directly to perform certain tasks that they would be prevented by ACLs from doing if they went through the configuration.
Comment 1 David Walser 2020-12-15 17:12:03 CET
Already reported and FIXED!

*** This bug has been marked as a duplicate of bug 27472 ***

Resolution: (none) => DUPLICATE
Status: NEW => RESOLVED