CVE-2020-25654

Publication date 27 October 2020

Last updated 25 August 2025

Ubuntu priority

Medium

Why this priority?

Cvss 3 Severity Score

7.2 · High

Score breakdown

Description

An ACL bypass flaw was found in pacemaker. An attacker having a local account on the cluster and in the haclient group could use IPC communication with various daemons directly to perform certain tasks that they would be prevented by ACLs from doing if they went through the configuration.

Status

Package Ubuntu Release Status
pacemaker 20.10 groovy
Fixed 2.0.4-2ubuntu3.1
20.04 LTS focal
Fixed 2.0.3-3ubuntu4.1
18.04 LTS bionic
Fixed 1.1.18-0ubuntu1.3
16.04 LTS xenial
Fixed 1.1.14-2ubuntu1.9
14.04 LTS trusty Not in release

Severity score breakdown

CVSS version: CVSS v3.0

Base score 7.2 · High

Vector: CVSS:3.1/AV:N/AC:L/PR:H/UI:N/S:U/C:H/I:H/A:H

References

Related Ubuntu Security Notices (USN)

    • USN-4623-1
    • Pacemaker vulnerability
    • 9 November 2020

Other references

Access our resources on patching vulnerabilities