vulnerability
Red Hat: CVE-2010-2496: cluster-glue: passes the stonith parameters via the commandline which could result in password leaks
| Severity | CVSS | Published | Added | Modified |
|---|---|---|---|---|
| 2 | (AV:L/AC:L/Au:N/C:P/I:N/A:N) | Oct 18, 2021 | Jul 9, 2025 | Jul 9, 2025 |
Severity
2
CVSS
(AV:L/AC:L/Au:N/C:P/I:N/A:N)
Published
Oct 18, 2021
Added
Jul 9, 2025
Modified
Jul 9, 2025
Description
stonith-ng in pacemaker and cluster-glue passed passwords as commandline parameters, making it possible for local attackers to gain access to passwords of the HA stack and potentially influence its operations. This is fixed in cluster-glue 1.0.6 and newer, and pacemaker 1.1.3 and newer.
Solution
no-fix-redhat-rpm-package
References
Rapid7 Labs
2026 Global Threat Landscape Report
The predictive window has collapsed. Exploitation follows disclosure in days. See how attackers are accelerating and how to stay ahead.