CVE-2021-3020 - OpenCVE

An issue was discovered in ClusterLabs Hawk (aka HA Web Konsole) through 2.3.0-15. It ships the binary hawk_invoke (built from tools/hawk_invoke.c), intended to be used as a setuid program. This allows the hacluster user to invoke certain commands as root (with an attempt to limit this to safe combinations). This user is able to execute an interactive "shell" that isn't limited to the commands specified in hawk_invoke, allowing escalation to root.

Attack Vector Network

Attack Complexity Low

Privileges Required Low

Scope Unchanged

Confidentiality Impact High

Integrity Impact High

Availability Impact High

User Interaction None

No CVSS v3.0

No CVSS v2

Vendors & Products
CPE Configurations

Vendors	Products
Clusterlabs	Hawk

Configuration 1 [-]

cpe:2.3:a:clusterlabs:hawk:*:*:*:*:*:*:*:*

References

Link	Resource
https://bugzilla.suse.com/show_bug.cgi?id=1180571	Permissions Required
https://github.com/ClusterLabs/crmsh/commit/c538024b8ebd138dc373b005189471d9b77e9c82	Patch Third Party Advisory
https://github.com/ClusterLabs/hawk/releases	Release Notes Third Party Advisory

History

No history.

MITRE Information

Status: PUBLISHED

Assigner: mitre

Published: 2022-08-25T23:32:32

Updated: 2022-08-25T23:32:32

Reserved: 2021-01-05T00:00:00

Link: CVE-2021-3020

JSON object: View

NVD Information

Status : Analyzed

Published: 2022-08-26T00:15:08.773

Modified: 2023-08-08T14:22:24.967

Link: CVE-2021-3020

JSON object: View

Redhat Information

No data.

CWE

CWE-269

{"containers": {"cna": {"affected": [{"product": "n/a", "vendor": "n/a", "versions": [{"status": "affected", "version": "n/a"}]}], "descriptions": [{"lang": "en", "value": "An issue was discovered in ClusterLabs Hawk (aka HA Web Konsole) through 2.3.0-15. It ships the binary hawk_invoke (built from tools/hawk_invoke.c), intended to be used as a setuid program. This allows the hacluster user to invoke certain commands as root (with an attempt to limit this to safe combinations). This user is able to execute an interactive \"shell\" that isn't limited to the commands specified in hawk_invoke, allowing escalation to root."}], "problemTypes": [{"descriptions": [{"description": "n/a", "lang": "en", "type": "text"}]}], "providerMetadata": {"dateUpdated": "2022-08-25T23:32:32", "orgId": "8254265b-2729-46b6-b9e3-3dfca2d5bfca", "shortName": "mitre"}, "references": [{"tags": ["x_refsource_MISC"], "url": "https://github.com/ClusterLabs/hawk/releases"}, {"tags": ["x_refsource_MISC"], "url": "https://bugzilla.suse.com/show_bug.cgi?id=1180571"}, {"tags": ["x_refsource_MISC"], "url": "https://github.com/ClusterLabs/crmsh/commit/c538024b8ebd138dc373b005189471d9b77e9c82"}], "x_legacyV4Record": {"CVE_data_meta": {"ASSIGNER": "cve@mitre.org", "ID": "CVE-2021-3020", "STATE": "PUBLIC"}, "affects": {"vendor": {"vendor_data": [{"product": {"product_data": [{"product_name": "n/a", "version": {"version_data": [{"version_value": "n/a"}]}}]}, "vendor_name": "n/a"}]}}, "data_format": "MITRE", "data_type": "CVE", "data_version": "4.0", "description": {"description_data": [{"lang": "eng", "value": "An issue was discovered in ClusterLabs Hawk (aka HA Web Konsole) through 2.3.0-15. It ships the binary hawk_invoke (built from tools/hawk_invoke.c), intended to be used as a setuid program. This allows the hacluster user to invoke certain commands as root (with an attempt to limit this to safe combinations). This user is able to execute an interactive \"shell\" that isn't limited to the commands specified in hawk_invoke, allowing escalation to root."}]}, "problemtype": {"problemtype_data": [{"description": [{"lang": "eng", "value": "n/a"}]}]}, "references": {"reference_data": [{"name": "https://github.com/ClusterLabs/hawk/releases", "refsource": "MISC", "url": "https://github.com/ClusterLabs/hawk/releases"}, {"name": "https://bugzilla.suse.com/show_bug.cgi?id=1180571", "refsource": "MISC", "url": "https://bugzilla.suse.com/show_bug.cgi?id=1180571"}, {"name": "https://github.com/ClusterLabs/crmsh/commit/c538024b8ebd138dc373b005189471d9b77e9c82", "refsource": "MISC", "url": "https://github.com/ClusterLabs/crmsh/commit/c538024b8ebd138dc373b005189471d9b77e9c82"}]}}}}, "cveMetadata": {"assignerOrgId": "8254265b-2729-46b6-b9e3-3dfca2d5bfca", "assignerShortName": "mitre", "cveId": "CVE-2021-3020", "datePublished": "2022-08-25T23:32:32", "dateReserved": "2021-01-05T00:00:00", "dateUpdated": "2022-08-25T23:32:32", "state": "PUBLISHED"}, "dataType": "CVE_RECORD", "dataVersion": "5.0"}

{"configurations": [{"nodes": [{"cpeMatch": [{"criteria": "cpe:2.3:a:clusterlabs:hawk:*:*:*:*:*:*:*:*", "matchCriteriaId": "BB239D06-C0CE-4BAB-9974-D872E9D3E167", "versionEndIncluding": "2.3.0-15", "vulnerable": true}], "negate": false, "operator": "OR"}]}], "descriptions": [{"lang": "en", "value": "An issue was discovered in ClusterLabs Hawk (aka HA Web Konsole) through 2.3.0-15. It ships the binary hawk_invoke (built from tools/hawk_invoke.c), intended to be used as a setuid program. This allows the hacluster user to invoke certain commands as root (with an attempt to limit this to safe combinations). This user is able to execute an interactive \"shell\" that isn't limited to the commands specified in hawk_invoke, allowing escalation to root."}, {"lang": "es", "value": "Se ha detectado un problema en ClusterLabs Hawk (tambi\u00e9n se conoce como HA Web Konsole) hasta la versi\u00f3n 2.3.0-15. Es enviado el binario hawk_invoke (construido a partir de tools/hawk_invoke.c), destinado a ser usado como un programa setuid. Esto permite al usuario hacluster invocar determinados comandos como root (con un intento de limitar esto a combinaciones seguras). Este usuario es capaz de ejecutar un \"shell\" interactivo que no est\u00e1 limitado a los comandos especificados en hawk_invoke, permitiendo una escalada a root."}], "id": "CVE-2021-3020", "lastModified": "2023-08-08T14:22:24.967", "metrics": {"cvssMetricV31": [{"cvssData": {"attackComplexity": "LOW", "attackVector": "NETWORK", "availabilityImpact": "HIGH", "baseScore": 8.8, "baseSeverity": "HIGH", "confidentialityImpact": "HIGH", "integrityImpact": "HIGH", "privilegesRequired": "LOW", "scope": "UNCHANGED", "userInteraction": "NONE", "vectorString": "CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H", "version": "3.1"}, "exploitabilityScore": 2.8, "impactScore": 5.9, "source": "nvd@nist.gov", "type": "Primary"}]}, "published": "2022-08-26T00:15:08.773", "references": [{"source": "cve@mitre.org", "tags": ["Permissions Required"], "url": "https://bugzilla.suse.com/show_bug.cgi?id=1180571"}, {"source": "cve@mitre.org", "tags": ["Patch", "Third Party Advisory"], "url": "https://github.com/ClusterLabs/crmsh/commit/c538024b8ebd138dc373b005189471d9b77e9c82"}, {"source": "cve@mitre.org", "tags": ["Release Notes", "Third Party Advisory"], "url": "https://github.com/ClusterLabs/hawk/releases"}], "sourceIdentifier": "cve@mitre.org", "vulnStatus": "Analyzed", "weaknesses": [{"description": [{"lang": "en", "value": "CWE-269"}], "source": "nvd@nist.gov", "type": "Primary"}]}