Vulnerability Details : CVE-2021-3020
An issue was discovered in ClusterLabs Hawk (aka HA Web Konsole) through 2.3.0-15. It ships the binary hawk_invoke (built from tools/hawk_invoke.c), intended to be used as a setuid program. This allows the hacluster user to invoke certain commands as root (with an attempt to limit this to safe combinations). This user is able to execute an interactive "shell" that isn't limited to the commands specified in hawk_invoke, allowing escalation to root.
Products affected by CVE-2021-3020
- cpe:2.3:a:clusterlabs:hawk:*:*:*:*:*:*:*:*
Exploit prediction scoring system (EPSS) score for CVE-2021-3020
0.10%
Probability of exploitation activity in the next 30 days
EPSS Score History
~ 25 %
Percentile, the proportion of vulnerabilities that are scored at or less
CVSS scores for CVE-2021-3020
| Base Score | Base Severity | CVSS Vector | Exploitability Score | Impact Score | Score Source | First Seen |
|---|---|---|---|---|---|---|
|
8.8
|
HIGH | CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H |
2.8
|
5.9
|
NIST |
CWE ids for CVE-2021-3020
-
The product constructs all or part of a command using externally-influenced input from an upstream component, but it does not neutralize or incorrectly neutralizes special elements that could modify the intended command when it is sent to a downstream component.Assigned by: nvd@nist.gov (Primary)
References for CVE-2021-3020
-
https://github.com/ClusterLabs/hawk/releases
Releases · ClusterLabs/hawk · GitHubRelease Notes;Third Party Advisory
-
https://bugzilla.suse.com/show_bug.cgi?id=1180571
Access DeniedPermissions Required
-
https://github.com/ClusterLabs/crmsh/commit/c538024b8ebd138dc373b005189471d9b77e9c82
Fix: bootstrap: setup authorized ssh access for hacluster(CVE-2020-35… · ClusterLabs/crmsh@c538024 · GitHubPatch;Third Party Advisory
Jump to