vulnerability

Red Hat: CVE-2010-2496: cluster-glue: passes the stonith parameters via the commandline which could result in password leaks

Name: Red Hat: CVE-2010-2496: cluster-glue: passes the stonith parameters via the commandline which could result in password leaks
Creator: Red Hat
Published: 2021-10-18T00:00:00.000Z
Keywords: CVE, Red Hat, 2010, 2496, cluster, no-fix-redhat-rpm-package, Severity 2

Try Surface Command

Back to search

Severity

CVSS

(AV:L/AC:L/Au:N/C:P/I:N/A:N)

Published

Oct 18, 2021

Added

Jul 9, 2025

Modified

Jul 9, 2025

Description

stonith-ng in pacemaker and cluster-glue passed passwords as commandline parameters, making it possible for local attackers to gain access to passwords of the HA stack and potentially influence its operations. This is fixed in cluster-glue 1.0.6 and newer, and pacemaker 1.1.3 and newer.

Solution

no-fix-redhat-rpm-package

References

NVD-CVE-2010-2496

Rapid7 Labs

2026 Global Threat Landscape Report

The predictive window has collapsed. Exploitation follows disclosure in days. See how attackers are accelerating and how to stay ahead.

Get report