CyberSec.Space Logo
CVEブラウザに戻る

CVE-2020-35458

CRITICAL
9.8
CVSS Severity Score
EPSS Score0.0690%
EPSS Percentile16.76th
Published2021年1月12日
Last Modified2024年11月21日

Vulnerability Description

An issue was discovered in ClusterLabs Hawk 2.x through 2.3.0-x. There is a Ruby shell code injection issue via the hawk_remember_me_id parameter in the login_from_cookie cookie. The user logout routine could be used by unauthenticated remote attackers to execute code as hauser.

Affected Platforms (CPE)

📦
Clusterlabs

Hawk

= 2.2.0-12
📦
Clusterlabs

Hawk

= 2.3.0-12

References & Advisories

🔗 http://www.openwall.com/lists/oss-security/2021/01/12/3
🔗 https://bugzilla.suse.com/show_bug.cgi?id=1179998
🔗 https://github.com/ClusterLabs/hawk/releases
🔗 https://www.openwall.com/lists/oss-security/2021/01/12/3
🔗 http://www.openwall.com/lists/oss-security/2021/01/12/3
🔗 https://bugzilla.suse.com/show_bug.cgi?id=1179998
🔗 https://github.com/ClusterLabs/hawk/releases
🔗 https://www.openwall.com/lists/oss-security/2021/01/12/3

関連する脆弱性情報

CVE-2008-333810.0

Multiple buffer overflows in TIBCO Hawk (1) AMI C library (libtibhawkami) and (2) Hawk HMA (tibhawkhma), as used in TIBCO Hawk bef...

CVE-2021-30208.8

An issue was discovered in ClusterLabs Hawk (aka HA Web Konsole) through 2.3.0-15. It ships the binary hawk_invoke (built from too...

CVE-2002-08787.5

SQL injection vulnerability in the login form for LogiSense software including (1) Hawk-i Billing, (2) Hawk-i ASP and (3) DNS Mana...

CVE-2004-16377.5

The Hawking Technologies HAR11A modem/router allows remote attackers to obtain sensitive information by connecting to port 254, wh...