Vulnerability Information
Although we use advanced large model technology, its output may still contain inaccurate or outdated information.Shenlong tries to ensure data accuracy, but please verify and judge based on the actual situation.
Vulnerability Title
N/A
Vulnerability Description
An issue was discovered in ClusterLabs Hawk 2.x through 2.3.0-x. There is a Ruby shell code injection issue via the hawk_remember_me_id parameter in the login_from_cookie cookie. The user logout routine could be used by unauthenticated remote attackers to execute code as hauser.
CVSS Information
N/A
Vulnerability Type
N/A
Vulnerability Title
ClusterLabs Hawk 代码注入漏洞
Vulnerability Description
Clusterlabs Crmsh是ClusterLabs(Clusterlabs)团队的一个适用于GNU/Linux系统用于高可用性集群管理的命令行软件。 ClusterLabs Hawk 2.x到2.3.0-x 存在代码注入漏洞,该漏洞源于login_from_cookie cookie 中的 hawk_remember_me_id中存在一个Ruby 代码注入,未校验的攻击者可通过用户退出登录过程中引起代码执行。
CVSS Information
N/A
Vulnerability Type
N/A