CVE-2023-2319

4 documents4 sources

Severity

9.8CRITICAL

EPSS

0.1%

top 70.23%

CISA KEV

Not in KEV

Exploit

No known exploits

Affected products

Clusterlabs PCS Redhat Enterprise Linux High Availability Redhat Enterprise Linux High Availability EUS

Timeline

PublishedMay 17

Latest updateMay 18

Description

It was discovered that an update for PCS package in RHBA-2023:2151 erratum released as part of Red Hat Enterprise Linux 9.2 failed to include the fix for the Webpack issue CVE-2023-28154 (for PCS package), which was previously addressed in Red Hat Enterprise Linux 9.1 via erratum RHSA-2023:1591. The CVE-2023-2319 was assigned to that Red Hat specific security regression in Red Hat Enterprise Linux 9.2.

CVSS vector

CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:HExploitability: 3.9 | Impact: 5.9

Affected Packages3 packages

▶NVDredhat/enterprise_linux_high_availability9.0, 9.2+1

▶CVEListV5pcsAffects pcs v0.11.4-6.el9, Fixed in pcs v0.11.4-7.el9_2

▶NVDclusterlabs/pcs0.11.4-6.el9

🔴Vulnerability Details

GHSA

GHSA-6rhm-fw89-rh2q: It was discovered that an update for PCS package in RHBA-2023:2151 erratum released as part of Red Hat Enterprise Linux 9↗2023-05-18

▶

CVEList

CVE-2023-2319: It was discovered that an update for PCS package in RHBA-2023:2151 erratum released as part of Red Hat Enterprise Linux 9↗2023-05-17

▶

📋Vendor Advisories

Red Hat

pcs: webpack: Regression of CVE-2023-28154 fixes in the Red Hat Enterprise Linux↗2023-05-09

▶