A flaw was found in the Pacemaker configuration tool (pcs). The pcs daemon allowed expired accounts and accounts with expired passwords to log in when using PAM authentication. As a result, unprivileged, expired accounts that had previously been denied access could still log in.
https://huntr.dev/bounties/7aa921fc-a568-4fd8-96f4-7cd826246aa5
https://www.debian.org/security/2022/dsa-5226
https://lists.debian.org/debian-lts-announce/2022/09/msg00017.html
https://bugzilla.redhat.com/show_bug.cgi?id=2066629
https://access.redhat.com/errata/RHSA-2022:7447
Source: MITRE
Published: 2022-03-25
Updated: 2023-02-02
Type: CWE-287
CVSS v2 Base Score: 6.5
Vector: AV:N/AC:L/Au:S/C:P/I:P/A:P
Impact Score: 6.4
Exploitability Score: 8
Severity: MEDIUM
CVSS v3.1 Base Score: 8.8
Vector: CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H
Impact Score: 5.9
Exploitability Score: 2.8
Severity: HIGH