CVE-2022-1049 SUSE CVE security@suse.de SUSE Security Team SUSE CVE-2022-1049 Interim 1 4 2025-02-16T03:31:02Z current 2023-10-31T00:22:12Z 2025-02-16T03:31:02Z cve-database/bin/generate-cvrf-cve.pl 2020-12-27T01:00:00Z CVE-2022-1049 A flaw was found in the Pacemaker configuration tool (pcs). The pcs daemon was allowing expired accounts, and accounts with expired passwords to login when using PAM authentication. Therefore, unprivileged expired accounts that have been denied access could still login. The CVRF data is provided by SUSE under the Creative Commons License 4.0 with Attribution (CC-BY-4.0). https://www.suse.com/support/security/rating/ SUSE Security Ratings SUSE Liberty Linux 8 SUSE Liberty Linux 9 pcs-0.10.14-5.el8 pcs-0.11.3-4.el9 pcs-snmp-0.10.14-5.el8 pcs-snmp-0.11.3-4.el9 pcs-0.10.14-5.el8 as a component of SUSE Liberty Linux 8 pcs-snmp-0.10.14-5.el8 as a component of SUSE Liberty Linux 8 pcs-0.11.3-4.el9 as a component of SUSE Liberty Linux 9 pcs-snmp-0.11.3-4.el9 as a component of SUSE Liberty Linux 9 A flaw was found in the Pacemaker configuration tool (pcs). The pcs daemon was allowing expired accounts, and accounts with expired passwords to login when using PAM authentication. Therefore, unprivileged expired accounts that have been denied access could still login. CVE-2022-1049 SUSE Liberty Linux 8:pcs-0.10.14-5.el8 SUSE Liberty Linux 8:pcs-snmp-0.10.14-5.el8 SUSE Liberty Linux 9:pcs-0.11.3-4.el9 SUSE Liberty Linux 9:pcs-snmp-0.11.3-4.el9 important 6.5 AV:N/AC:L/Au:S/C:P/I:P/A:P 8.8 CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H