← back
CVE-2022-1049

CVE-2022-1049

EPSS 1.8%CWE-287
Vexday Risk Score
3Low
SSVC decision (CISA)
Track
No exploitation signal → monitor
CVSS EPSS 1.8%KEV nãoPoC Nuclei Metasploit Patch referenciado
Lifecycle
25 Mar 2022Published on NVD
Recommendation: Monitor — no exploitation signal at the moment.
A flaw was found in the Pacemaker configuration tool (pcs). The pcs daemon was allowing expired accounts, and accounts with expired passwords to login when using PAM authentication. Therefore, unprivileged expired accounts that have been denied access could still login.
Affected products
n/a · clusterlabs/pcs

Want to know if your infrastructure is exposed to this?

Talk to TrueHacking →
References
https://huntr.dev/bounties/7aa921fc-a568-4fd8-96f4-7cd826246aa5https://lists.debian.org/debian-lts-announce/2022/09/msg00017.htmlhttps://www.debian.org/security/2022/dsa-5226