First published: Fri Mar 20 2020(Updated: )
An issue was discovered in LINBIT csync2 through 2.0. csync_daemon_session in daemon.c neglects to force a failure of a hello command when the configuration requires use of SSL.
Credit: cve@mitre.org
Affected Software | Affected Version | How to fix |
---|---|---|
LINBIT csync2 | <=2.0 |
Sign up to SecAlerts for real-time vulnerability data matched to your software, aggregated from hundreds of sources.
The severity of CVE-2019-15522 is critical with a CVSS score of 9.8.
The affected software for CVE-2019-15522 is LINBIT csync2 version 2.0.
To fix CVE-2019-15522, update to a version of LINBIT csync2 that is later than 2.0.
For more information about CVE-2019-15522, refer to the following link: https://github.com/LINBIT/csync2/commit/416f1de878ef97e27e27508914f7ba8599a0be22