Lucene search
GoogleOSV:CVE-2020-35458HistoryJan 12, 2021 - 3:15 p.m.
CVE-2020-35458
2021-01-1215:15:13
Google
osv.dev
7
clusterlabs hawk
ruby shell code
injection
login cookie
remote attackers
hauser
cve-2020-35458
An issue was discovered in ClusterLabs Hawk 2.x through 2.3.0-x. There is a Ruby shell code injection issue via the hawk_remember_me_id parameter in the login_from_cookie cookie. The user logout routine could be used by unauthenticated remote attackers to execute code as hauser.
Related
prion
prion
Code injection
2021-01-12 15:15:00
nessus
nessus
SUSE SLES12 Security Update : hawk2 (SUSE-SU-2021:0089-1)
2024-01-26 00:00:00
SUSE SLES12 Security Update : hawk2 (SUSE-SU-2021:0198-1)
2024-01-26 00:00:00
openSUSE Security Update : hawk2 (openSUSE-2021-147)
2021-01-25 00:00:00
openvas
openvas
openSUSE: Security Advisory for hawk2 (openSUSE-SU-2021:0054-1)
2021-04-16 00:00:00
openSUSE: Security Advisory for hawk2 (openSUSE-SU-2021:0074-1)
2021-04-16 00:00:00
openSUSE: Security Advisory for hawk2 (openSUSE-SU-2021:0144-1)
2021-04-16 00:00:00
suse
suse
Security update for hawk2 (critical)
2021-01-23 00:00:00
Security update for hawk2 (important)
2021-01-13 00:00:00
Security update for hawk2 (critical)
2021-01-24 00:00:00
cve
cve
CVE-2020-35458
2021-01-12 15:15:13
cvelist
cvelist
CVE-2020-35458
2021-01-12 14:21:23
nvd
nvd
CVE-2020-35458
2021-01-12 15:15:13
osv
osv
hawk2-2.6.4+git.1682509819.1ff135ea-1.1 on GA media
2024-06-15 00:00:00