Clusterlabs Pcs vulnerabilities
8 known vulnerabilities affecting clusterlabs/pcs.
Total CVEs
8
CISA KEV
0
Public exploits
0
Exploited in wild
0
Severity breakdown
CRITICAL1HIGH5MEDIUM2
Vulnerabilities
Page 1 of 1
CVE-2022-1049P3HIGHCVSS 8.8≤ 0.11.2vpcs versions <= v0.11.22022-03-25
CVE-2022-1049 [HIGH] CWE-287 CVE-2022-1049: A flaw was found in the Pacemaker configuration tool (pcs). The pcs daemon was allowing expired acco
A flaw was found in the Pacemaker configuration tool (pcs). The pcs daemon was allowing expired accounts, and accounts with expired passwords to login when using PAM authentication. Therefore, unprivileged expired accounts that have been denied access could still login.
nvdosv
CVE-2023-2319P3CRITICALCVSS 9.8v0.11.4-6.el9vAffects pcs v0.11.4-6.el9, Fixed in pcs v0.11.4-7.el9_22023-05-17
CVE-2023-2319 [CRITICAL] CVE-2023-2319: It was discovered that an update for PCS package in RHBA-2023:2151 erratum released as part of Red H
It was discovered that an update for PCS package in RHBA-2023:2151 erratum released as part of Red Hat Enterprise Linux 9.2 failed to include the fix for the Webpack issue CVE-2023-28154 (for PCS package), which was previously addressed in Red Hat Enterprise Linux 9.1 via erratum RHSA-2023:1591. The CVE-2023-2319 was assigned to that Red Hat specific securi
nvd
CVE-2018-1086P3HIGHCVSS 7.5≥ 0, < 0.9.164-12018-04-12
CVE-2018-1086 [HIGH] CVE-2018-1086: pcs before versions 0
pcs before versions 0.9.164 and 0.10 is vulnerable to a debug parameter removal bypass. REST interface of the pcsd service did not properly remove the pcs debug argument from the /run_pcs query, possibly disclosing sensitive information. A remote attacker with a valid token could use this flaw to elevate their privilege.
osv
CVE-2022-2735P3HIGHCVSS 7.8≥ 0.10.5, ≤ 0.11.3vAffects v0.10.5 and later including all 0.11.x.2022-09-06
CVE-2022-2735 [HIGH] CWE-276 CVE-2022-2735: A vulnerability was found in the PCS project. This issue occurs due to incorrect permissions on a Un
A vulnerability was found in the PCS project. This issue occurs due to incorrect permissions on a Unix socket used for internal communication between PCS daemons. A privilege escalation could happen by obtaining an authentication token for a hacluster user. With the "hacluster" token, this flaw allows an attacker to have complete control over the cluste
nvdosv
CVE-2018-1079P3MEDIUMCVSS 6.5≥ 0, < 0.9.164-12018-04-12
CVE-2018-1079 [MEDIUM] CVE-2018-1079: pcs before version 0
pcs before version 0.9.164 and 0.10 is vulnerable to a privilege escalation via authorized user malicious REST call. The REST interface of the pcsd service did not properly sanitize the file name from the /remote/put_file query. If the /etc/booth directory exists, an authenticated attacker with write permissions could create or overwrite arbitrary files with arbitrary data outside of the /etc/booth directory, in the context of the pcsd p
osv
CVE-2016-0720P3HIGHCVSS 8.8≤ 0.9.1482017-04-21
CVE-2016-0720 [HIGH] CWE-352 CVE-2016-0720: Cross-site request forgery (CSRF) vulnerability in pcsd web UI in pcs before 0.9.149.
Cross-site request forgery (CSRF) vulnerability in pcsd web UI in pcs before 0.9.149.
nvdosv
CVE-2016-0721P3HIGHCVSS 8.1≤ 0.9.1562017-04-21
CVE-2016-0721 [HIGH] CWE-384 CVE-2016-0721: Session fixation vulnerability in pcsd in pcs before 0.9.157.
Session fixation vulnerability in pcsd in pcs before 0.9.157.
nvdosv
CVE-2017-2661P4MEDIUMCVSS 6.1fixed in 0.9.157v0.9.1572018-03-12
CVE-2017-2661 [MEDIUM] CWE-79 CVE-2017-2661: ClusterLabs pcs before version 0.9.157 is vulnerable to a cross-site scripting vulnerability due to
ClusterLabs pcs before version 0.9.157 is vulnerable to a cross-site scripting vulnerability due to improper validation of Node name field when creating new cluster or adding existing cluster.
nvdosv