Home > Vulnerability Database > CVE-2023-27486

Mend.io Vulnerability Database

CVE-2023-27486

Good to know:

Date: March 8, 2023

xCAT is a toolkit for deployment and administration of computer clusters. In versions prior to 2.16.5 if zones are configured as a mechanism to secure clusters in XCAT, it is possible for a local root user from one node to obtain credentials to SSH to any node in any zone, except the management node of the default zone. XCAT zones are not enabled by default. Only users that use the optional zone feature are impacted. All versions of xCAT prior to xCAT 2.16.5 are vulnerable. This problem has been fixed in xCAT 2.16.5. Users making use of zones should upgrade to 2.16.5. Users unable to upgrade may mitigate the issue by disabling zones or patching the management node with the fix contained in commit `85149c37f49`.

Language: Perl

Severity Score

8.1

Related Resources (6)

Url: https://nvd.nist.gov/vuln/detail/CVE-2023-27486

Url: https://github.com/xcat2/xcat-core/issues/7246

Url: https://github.com/xcat2/xcat-core/security/advisories/GHSA-hpxg-7428-6jvv

Url: https://github.com/xcat2/xcat-core/pull/7247

Url: https://github.com/xcat2/xcat-core/pull/7247/commits/85149c37f49dbca7bd85f1f586960315604fc024

Url: https://www.mend.io/vulnerability-database/CVE-2023-27486

Severity Score

8.1

Weakness Type (CWE)

Incorrect Authorization

CWE-863

Top Fix

Upgrade Version

Upgrade to version 2.16.5

Learn More

CVSS v3.1

Base Score:	8.1
Attack Vector (AV):	NETWORK
Attack Complexity (AC):	LOW
Privileges Required (PR):	LOW
User Interaction (UI):	NONE
Scope (S):	UNCHANGED
Confidentiality (C):	HIGH
Integrity (I):	HIGH
Availability (A):	NONE

Mend.io Vulnerability Database

We found results for “”

CVE-2023-27486

Good to know:

Date: March 8, 2023

Language: Perl

Severity Score

Related Resources (6)

Severity Score

Weakness Type (CWE)

Top Fix

Upgrade Version

CVSS v3.1

Do you need more information?