CVE-2018-1079Files or Directories Accessible to External Parties in Pacemaker Command Line Interface

CWE-552Files or Directories Accessible to External PartiesCWE-22Path Traversal8 documents7 sources
Severity
6.5MEDIUMNVD
CNA8.7
EPSS
0.4%
top 38.78%
CISA KEV
Not in KEV
Exploit
No known exploits
Affected products
3
Clusterlabs PCSClusterlabs Pacemaker Command Line InterfaceRedhat Enterprise Linux
Timeline
PublishedApr 12
Latest updateMay 13

Description

pcs before version 0.9.164 and 0.10 is vulnerable to a privilege escalation via authorized user malicious REST call. The REST interface of the pcsd service did not properly sanitize the file name from the /remote/put_file query. If the /etc/booth directory exists, an authenticated attacker with write permissions could create or overwrite arbitrary files with arbitrary data outside of the /etc/booth directory, in the context of the pcsd process.

CVSS vector

CVSS:3.0/AV:N/AC:L/PR:L/UI:N/S:U/C:N/I:H/A:NExploitability: 2.8 | Impact: 3.6

Affected Packages2 packages

Debianclusterlabs/pcs< 0.9.164-1+3

Also affects: Enterprise Linux 7.0, 7.5

🔴Vulnerability Details

3
GHSA
GHSA-wxjj-jh24-cx5f: pcs before version 02022-05-13
CVEList
CVE-2018-1079: pcs before version 02018-04-12
OSV
CVE-2018-1079: pcs before version 02018-04-12

📋Vendor Advisories

2
Red Hat
pcs: Privilege escalation via authorized user malicious REST call2018-04-09
Debian
CVE-2018-1079: pcs - pcs before version 0.9.164 and 0.10 is vulnerable to a privilege escalation via ...2018

💬Community

2
Bugzilla
CVE-2018-1079 pcs: Privilege escalation via authorized user malicious REST call [fedora-all]2018-04-09
Bugzilla
CVE-2018-1079 pcs: Privilege escalation via authorized user malicious REST call2018-02-28
CVE-2018-1079 — MEDIUM severity | cvebase