Platform: linux
Component: pacemaker
Fixed in: 2.0.2
CVE-2019-3885 is a use-after-free vulnerability discovered in Pacemaker, a cluster resource manager. The flaw can leak sensitive information through system logs, potentially exposing critical configuration details or operational data. The vulnerability affects Pacemaker versions up to and including 2.0.1, and a fix is available in version 2.0.2.
The primary impact of CVE-2019-3885 is the potential for sensitive information leakage. While a use-after-free vulnerability can, in some cases, lead to denial-of-service or remote code execution, the description specifically highlights information leakage via system logs. This could include details about cluster configuration, resource dependencies, or even credentials used by Pacemaker. An attacker exploiting this vulnerability could gain valuable insights into the cluster's architecture and operation, potentially facilitating further attacks. The blast radius is limited to systems running Pacemaker and accessible to the attacker.
CVE-2019-3885 was publicly disclosed on April 18, 2019. There is no indication of active exploitation or KEV listing at this time. Public proof-of-concept exploits are not widely available, suggesting a relatively low probability of near-term exploitation. The vulnerability's impact is primarily information disclosure, which may make it less attractive to attackers compared to vulnerabilities with more severe consequences.
Organizations heavily reliant on Pacemaker for high-availability cluster management are at increased risk. This includes environments with sensitive data or critical services managed by Pacemaker clusters. Systems with older Pacemaker versions (≤2.0.1) that have not been regularly patched are particularly vulnerable.
• linux / server:
journalctl -u pacemaker | grep -i error
• linux / server:
ps aux | grep pacemaker
• linux / server:
ls -l /usr/lib/pacemaker/disclosure
Exploit status
EPSS
0.14% (35th percentile)
CVSS vector
The recommended mitigation for CVE-2019-3885 is to upgrade Pacemaker to version 2.0.2 or later. If an immediate upgrade is not feasible due to compatibility concerns or system downtime requirements, consider implementing stricter access controls to the system logs to limit the visibility of sensitive information. Monitoring system logs for unusual activity or errors related to Pacemaker can also help detect potential exploitation attempts. While a WAF is unlikely to directly mitigate this vulnerability, it can help protect against related attacks that leverage the leaked information.
Upgrade pacemaker to a version later than 2.0.1. This fixes the use-after-free vulnerability that could leak sensitive information through system logs.
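A version check against the affected range stated above (up to and including 2.0.1, fixed in 2.0.2), added here as an example; it is not code from the Pacemaker project or from the original page. The function names are hypothetical, the sample banners are constructed, and reading the live version assumes `pacemakerd --version` is available on PATH.

```shell
#!/bin/sh
# Added example: classify a Pacemaker upstream version against the boundary
# given in this advisory (affected <= 2.0.1, fixed in 2.0.2).
FIXED_VERSION="2.0.2"   # from the advisory text

# Pull the first X.Y.Z out of a banner such as "Pacemaker 2.0.1".
# Pre-release and distribution suffixes (-rc1, -4.el8) are ignored.
pcmk_extract_version() {
    printf '%s\n' "$1" |
        sed -n 's/^[^0-9]*\([0-9][0-9]*\.[0-9][0-9]*\.[0-9][0-9]*\).*/\1/p' |
        head -n 1
}

# Return 0 when version $1 is strictly lower than version $2,
# comparing the three fields numerically (so 1.1.20 < 2.0.2).
version_lt() {
    awk -v a="$1" -v b="$2" 'BEGIN {
        split(a, x, "."); split(b, y, ".")
        for (i = 1; i <= 3; i++) {
            if (x[i] + 0 < y[i] + 0) exit 0
            if (x[i] + 0 > y[i] + 0) exit 1
        }
        exit 1   # equal versions are not lower
    }'
}

# Print "affected", "fixed" or "unknown" for a version banner.
pcmk_cve_2019_3885_status() {
    v=$(pcmk_extract_version "$1")
    if [ -z "$v" ]; then
        echo unknown            # no parsable version: do not guess
    elif version_lt "$v" "$FIXED_VERSION"; then
        echo affected
    else
        echo fixed
    fi
}

# Constructed sample banners (not captured from a real host).
for banner in "Pacemaker 2.0.1" "Pacemaker 2.0.2" "Pacemaker 1.1.20" "no version"; do
    printf '%-18s %s\n' "$banner" "$(pcmk_cve_2019_3885_status "$banner")"
done

# On a cluster node, classify the installed daemon (assumes pacemakerd on PATH).
if command -v pacemakerd >/dev/null 2>&1; then
    pcmk_cve_2019_3885_status "$(pacemakerd --version 2>/dev/null)"
fi
```

The comparison uses the upstream version number only; distribution packages can carry a backported fix under an older number, so confirm an "affected" result against the vendor's own advisory.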
CVE-2019-3885 is a use-after-free vulnerability affecting Pacemaker versions up to 2.0.1, potentially leading to sensitive information leakage through system logs.
You are affected if you are running Pacemaker version 2.0.1 or earlier. Upgrade to version 2.0.2 or later to mitigate the vulnerability.
Upgrade Pacemaker to version 2.0.2 or later. If immediate upgrade is not possible, restrict access to system logs and monitor for unusual activity.
There is currently no evidence of active exploitation of CVE-2019-3885.
Refer to the Pacemaker project website and relevant security mailing lists for official advisories and updates related to CVE-2019-3885.