Description
An issue was discovered in LINBIT csync2 through 2.0. csync_daemon_session in daemon.c neglects to force a failure of a hello command when the configuration requires use of SSL.
References (1)
Core 1
Core References
Patch, Vendor Advisory x_refsource_misc
https://github.com/LINBIT/csync2/commit/416f1de878ef97e27e27508914f7ba8599a0be22
Scores
CVSS v3
9.8
EPSS
0.0185
EPSS Percentile
76.6%
Attack Vector
NETWORK
CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H
Details
Status
published
Products (1)
linbit/csync2
< 2.0
Published
Mar 20, 2020
Tracked Since
Feb 18, 2026