CVE-2022-1049
pcs - security update
8.8
HIGH
CVSS 3.1
EPSS 0.27%
Description
A flaw was found in the Pacemaker configuration tool (pcs). The pcs daemon allowed expired accounts and accounts with expired passwords to log in when using PAM authentication. Therefore, unprivileged expired accounts that have been denied access could still log in.
How to fix CVE-2022-1049
To remediate CVE-2022-1049, upgrade the affected package to a fixed version below.
- upgrade to 0.10.8-1+deb11u1 or later
- upgrade to 0.10.1-2+deb10u1 or later
- upgrade to 0.10.8-1+deb11u1 or later
Is CVE-2022-1049 being exploited?
Low — EPSS is 0.3%, meaning exploitation activity has not been observed at scale.
Affected packages (3)
- from 0, < 0.10.8-1+deb11u1
- from 0, < 0.10.1-2+deb10u1
- from 0, < 0.10.8-1+deb11u1
CVSS scores
| Source | Version | Severity | Vector |
|---|---|---|---|
| osv | CVSS 3.1 | HIGH 8.8 | CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H |