{"containers":{"cna":{"affected":[{"product":"clusterlabs/pcs","vendor":"n/a","versions":[{"status":"affected","version":"pcs versions <= v0.11.2"}]}],"descriptions":[{"lang":"en","value":"A flaw was found in the Pacemaker configuration tool (pcs). The pcs daemon was allowing expired accounts, and accounts with expired passwords to login when using PAM authentication. Therefore, unprivileged expired accounts that have been denied access could still login."}],"problemTypes":[{"descriptions":[{"cweId":"CWE-287","description":"CWE-287","lang":"en","type":"CWE"}]}],"providerMetadata":{"dateUpdated":"2022-09-14T23:06:10.000Z","orgId":"53f830b8-0a3f-465b-8143-3b8a9948e749","shortName":"redhat"},"references":[{"tags":["x_refsource_MISC"],"url":"https://huntr.dev/bounties/7aa921fc-a568-4fd8-96f4-7cd826246aa5"},{"name":"DSA-5226","tags":["vendor-advisory","x_refsource_DEBIAN"],"url":"https://www.debian.org/security/2022/dsa-5226"},{"name":"[debian-lts-announce] 20220914 [SECURITY] [DLA 3108-1] pcs security update","tags":["mailing-list","x_refsource_MLIST"],"url":"https://lists.debian.org/debian-lts-announce/2022/09/msg00017.html"}]},"adp":[{"providerMetadata":{"orgId":"af854a3a-2127-422b-91ae-364da2661108","shortName":"CVE","dateUpdated":"2024-08-02T23:47:43.257Z"},"title":"CVE Program Container","references":[{"tags":["x_refsource_MISC","x_transferred"],"url":"https://huntr.dev/bounties/7aa921fc-a568-4fd8-96f4-7cd826246aa5"},{"name":"DSA-5226","tags":["vendor-advisory","x_refsource_DEBIAN","x_transferred"],"url":"https://www.debian.org/security/2022/dsa-5226"},{"name":"[debian-lts-announce] 20220914 [SECURITY] [DLA 3108-1] pcs security update","tags":["mailing-list","x_refsource_MLIST","x_transferred"],"url":"https://lists.debian.org/debian-lts-announce/2022/09/msg00017.html"}]}]},"cveMetadata":{"assignerOrgId":"53f830b8-0a3f-465b-8143-3b8a9948e749","assignerShortName":"redhat","cveId":"CVE-2022-1049","datePublished":"2022-03-25T18:03:01.000Z","dateReserved":"2022-03-22T00:00:00.000Z","dateUpdated":"2024-08-02T23:47:43.257Z","state":"PUBLISHED"},"dataType":"CVE_RECORD","dataVersion":"5.1"}