CVE-2020-35459
HIGHcrmsh < 4.2.1 - Authenticated OS Command Injection via crm history Command
Title source: llmDescription
An issue was discovered in ClusterLabs crmsh through 4.2.1. Local attackers able to call "crm history" (when "crm" is run) were able to execute commands via shell code injection to the crm history commandline, potentially allowing escalation of privileges.
References (6)
Core 6
Core References
Issue Tracking, Third Party Advisory x_refsource_misc
https://bugzilla.suse.com/show_bug.cgi?id=1179999
Release Notes, Third Party Advisory x_refsource_misc
https://github.com/ClusterLabs/crmsh/releases
Exploit, Mailing List, Third Party Advisory x_refsource_confirm
https://www.openwall.com/lists/oss-security/2021/01/12/3
Patch, Third Party Advisory x_refsource_misc
https://github.com/ClusterLabs/crmsh/blob/a403aa15f3ea575adfe5e43bf2a31c9f9094fcda/crmsh/history.py#L476
Mailing List, Patch, Third Party Advisory mailing-list
x_refsource_mlist
http://www.openwall.com/lists/oss-security/2021/01/12/3
Mailing List, Third Party Advisory mailing-list
x_refsource_mlist
https://lists.debian.org/debian-lts-announce/2021/01/msg00021.html
Scores
CVSS v3
7.8
EPSS
0.0067
EPSS Percentile
47.6%
Attack Vector
LOCAL
CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H
Details
CWE
CWE-78
Status
published
Products (3)
clusterlabs/crmsh
< 4.2.1
debian/debian_linux
9.0
pypi/crmsh
0PyPI
Published
Jan 12, 2021
Tracked Since
Feb 18, 2026