Fluid Attacks Database

Description

A flaw was found in the Pacemaker configuration tool (pcs). The pcs daemon was allowing expired accounts, and accounts with expired passwords to login when using PAM authentication. Therefore, unprivileged expired accounts that have been denied access could still login.

Mitigation

Update Impact

Minimal update. May introduce new vulnerabilities or breaking changes.

Ecosystem	Package	Affected version	Patched versions
debian 14	pcs	>=0 <0.11.3-1	0.11.3-1
debian 11	pcs	=0.10.8-1 \|\| >=0 <0.10.8-1+deb11u1	0.10.8-1+deb11u1
debian 12	pcs	>=0 <0.11.3-1	0.11.3-1
debian 13	pcs	>=0 <0.11.3-1	0.11.3-1
rpm rhel7	pcs	-	-
rpm rhel8	pcs	<0:0.10.14-5.el8	0:0.10.14-5.el8
rpm rhel9	pcs	<0:0.11.3-4.el9	0:0.11.3-4.el9

Aliases

1. CVE-2022-10492. NVD-2022-10493. OSV-DEBIAN-2022-10494. OSV-2022-10495. SECURITY-TRACKER-CVE-2022-1049

Does your application use this vulnerable software?

During the free trial, our tools assess your application, identify vulnerabilities, and provide recommendations for their remediation.