{"id":"CVE-2022-1049","details":"A flaw was found in the Pacemaker configuration tool (pcs). The pcs daemon was allowing expired accounts, and accounts with expired passwords to login when using PAM authentication. Therefore, unprivileged expired accounts that have been denied access could still login.","modified":"2026-05-18T05:53:39.307823661Z","published":"2022-03-25T18:03:01Z","related":["ALSA-2022:7447","ALSA-2022:7935"],"database_specific":{"osv_generated_from":"https://github.com/CVEProject/cvelistV5/tree/main/cves/2022/1xxx/CVE-2022-1049.json","cna_assigner":"redhat","cwe_ids":["CWE-287"],"unresolved_ranges":[{"extracted_events":[{"last_affected":"pcs versions \u003c= v0.11.2"}],"source":"AFFECTED_FIELD"}]},"references":[{"type":"WEB","url":"https://huntr.dev/bounties/7aa921fc-a568-4fd8-96f4-7cd826246aa5"},{"type":"ADVISORY","url":"https://github.com/CVEProject/cvelistV5/tree/main/cves/2022/1xxx/CVE-2022-1049.json"},{"type":"ADVISORY","url":"https://nvd.nist.gov/vuln/detail/CVE-2022-1049"},{"type":"ADVISORY","url":"https://www.debian.org/security/2022/dsa-5226"},{"type":"ARTICLE","url":"https://lists.debian.org/debian-lts-announce/2022/09/msg00017.html"}],"affected":[{"ranges":[{"type":"GIT","repo":"https://github.com/clusterlabs/pcs","events":[{"introduced":"0"},{"last_affected":"e9443b13aff4062be1216644ff5cd9e497ca5373"}],"database_specific":{"cpe":"cpe:2.3:a:clusterlabs:pcs:*:*:*:*:*:*:*:*","extracted_events":[{"introduced":"0"},{"last_affected":"0.11.2"}],"source":"CPE_FIELD"}}],"versions":["v0.11.2","v0.11.1","v0.11.1.alpha.1","v0.10.10","v0.10.9","v0.10.8","0.10.8","v0.10.7","0.10.7","0.10.6","0.10.5","0.10.4","0.10.3","0.10.2","before-test-move","0.10.1","0.10.0.alpha.7","0.10.0.alpha.6","0.10.0.alpha.5","0.10.0.alpha.4","0.10.0.alpha.3","0.10.0.alpha.2","0.10.0.alpha.1","0.9.163","0.9.162","0.9.161","0.9.160","0.9.159","0.9.158","0.9.157","0.9.156","0.9.155","0.9.154","0.9.153","0.9.152","0.9.151","0.9.150","0.9.149","0.9.148","0.9.147","0.9.146","0.9.145","0.9.144","0.9.143","0.9.142","0.9.141","0.9.140","0.9.139","0.9.138","0.9.137","0.9.136","0.9.135","0.9.134","0.9.132","0.9.131","0.9.130","0.9.129","0.9.128","0.9.127","0.9.126","0.9.125","0.9.124","0.9.123","0.9.122","0.9.121","0.9.120","0.9.119","0.9.118","0.9.117","0.9.116","0.9.115","0.9.114","0.9.113","0.9.112","0.9.111","0.9.110","0.9.109","0.9.108","0.9.107","0.9.106","0.9.105","0.9.104","0.9.103","0.9.102","0.9.101","0.9.100","0.9.99","0.9.98","0.9.97","0.9.96","0.9.95","0.9.94","0.9.93","0.9.92","0.9.91","0.9.90","0.9.89","0.9.88","0.9.87","0.9.86","0.9.85","0.9.84","0.9.83","0.9.82","0.9.81","0.9.80","0.9.79","0.9.78","0.9.77","0.9.75","0.9.74","0.9.73","0.9.72","0.9.71","0.9.70","0.9.69","0.9.68","0.9.67","0.9.66","0.9.65","0.9.64","0.9.63","0.9.62","0.9.61","0.9.60","0.9.59","0.9.58","0.9.57","0.9.56","0.9.55","0.9.54","0.9.53","0.9.52","0.9.51","0.9.50","0.9.49","0.9.48","0.9.47","0.9.46","0.9.45","0.9.44","0.9.43","0.9.42","0.9.41","0.9.40","0.9.39","0.9.38","0.9.37","0.9.36","0.9.35","0.9.34","0.9.32","0.9.31","0.9.30","0.9.9","0.9.8","0.9.7","0.9.6","0.9.5","0.9.4","0.9.3.1","0.9.3","0.9.2"],"database_specific":{"source":"https://storage.googleapis.com/osv-test-cve-osv-conversion/osv-output/CVE-2022-1049.json"}}],"schema_version":"1.7.5"}