vulnerability
SUSE: CVE-2020-35459: SUSE Linux Security Advisory
| Severity | CVSS | Published | Added | Modified |
|---|---|---|---|---|
| 7 | (AV:L/AC:L/Au:N/C:C/I:C/A:C) | Jan 12, 2021 | Jan 14, 2021 | Oct 22, 2021 |
Severity
7
CVSS
(AV:L/AC:L/Au:N/C:C/I:C/A:C)
Published
Jan 12, 2021
Added
Jan 14, 2021
Modified
Oct 22, 2021
Description
An issue was discovered in ClusterLabs crmsh through 4.2.1. Local attackers able to call "crm history" (when "crm" is run) were able to execute commands via shell code injection to the crm history commandline, potentially allowing escalation of privileges.
Solution(s)
suse-upgrade-crmshsuse-upgrade-crmsh-scriptssuse-upgrade-crmsh-testsuse-upgrade-hawk2
References
- SUSE-SUSE-SU-2021:0083-1
- SUSE-SUSE-SU-2021:0084-1
- SUSE-SUSE-SU-2021:0085-1
- SUSE-SUSE-SU-2021:0086-1
- SUSE-SUSE-SU-2021:0087-1
- SUSE-SUSE-SU-2021:0722-1
- SUSE-SUSE-SU-2021:0771-1
- SUSE-SUSE-SU-2021:0781-1
- SUSE-SUSE-SU-2021:0782-1
- SUSE-SUSE-SU-2021:0806-1
- SUSE-SUSE-SU-2021:0941-1
- SUSE-SUSE-SU-2021:0942-1
- SUSE-SUSE-SU-2021:0943-1
- SUSE-SUSE-SU-2021:2238-1
- SUSE-SUSE-SU-2021:2239-1
- SUSE-SUSE-SU-2021:2435-1
- SUSE-SUSE-SU-2021:3121-1
- NVD-CVE-2020-35459
NEW
Explore Exposure Command
Confidently identify and prioritize exposures from endpoint to cloud with full attack surface visibility and threat-aware risk context.