Vulnerability Information
Although we use advanced large model technology, its output may still contain inaccurate or outdated information.Shenlong tries to ensure data accuracy, but please verify and judge based on the actual situation.
Vulnerability Title
Insufficient authorization validation between zones when xCAT zones are enabled
Vulnerability Description
xCAT is a toolkit for deployment and administration of computer clusters. In versions prior to 2.16.5 if zones are configured as a mechanism to secure clusters in XCAT, it is possible for a local root user from one node to obtain credentials to SSH to any node in any zone, except the management node of the default zone. XCAT zones are not enabled by default. Only users that use the optional zone feature are impacted. All versions of xCAT prior to xCAT 2.16.5 are vulnerable. This problem has been fixed in xCAT 2.16.5. Users making use of zones should upgrade to 2.16.5. Users unable to upgrade may mitigate the issue by disabling zones or patching the management node with the fix contained in commit `85149c37f49`.
CVSS Information
CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:N
Vulnerability Type
授权机制不正确
Vulnerability Title
xCAT 安全漏洞
Vulnerability Description
xCAT是为 HPC 集群、渲染农场、网格、网络农场、在线游戏基础设施、云、数据中心提供完整管理的工具集。 xCAT 2.16.5之前版本存在安全漏洞,该漏洞源于如果区域被配置为集群安全机制,那么一个节点的本地root用户可以获得凭据以通过SSH连接到任何区域中的任何节点。
CVSS Information
N/A
Vulnerability Type
N/A