This CPE summary could be partial or incomplete. Please contact us for a detailed listing.

Summary
Vendor            Clusterlabs
Product           Pcs
Version Type      Application
Update
Edition
Language
Software Edition
Target Software
Target Hardware
Other

Detail
First view        2017-04-21
Last view         2023-05-17

Activity : Overall

COMMON PLATFORM ENUMERATION: Repartition per Version

CPE Name                                                Affected CVE
cpe:2.3:a:clusterlabs:pcs:*:*:*:*:*:*:*:*               5
cpe:2.3:a:clusterlabs:pcs:0.11.4-6.el9:*:*:*:*:*:*:*    1

Related : CVE

Score  Date        Alert            Description
9.8    2023-05-17  CVE-2023-2319

It was discovered that an update for PCS package in RHBA-2023:2151 erratum released as part of Red Hat Enterprise Linux 9.2 failed to include the fix for the Webpack issue CVE-2023-28154 (for PCS package), which was previously addressed in Red Hat Enterprise Linux 9.1 via erratum RHSA-2023:1591. The CVE-2023-2319 was assigned to that Red Hat specific security regression in Red Hat Enterprise Linux 9.2.

7.8    2022-09-06  CVE-2022-2735

A vulnerability was found in the PCS project. This issue occurs due to incorrect permissions on a Unix socket used for internal communication between PCS daemons. A privilege escalation could happen by obtaining an authentication token for a hacluster user. With the "hacluster" token, this flaw allows an attacker to have complete control over the cluster managed by PCS.

8.8    2022-03-25  CVE-2022-1049

A flaw was found in the Pacemaker configuration tool (pcs). The pcs daemon was allowing expired accounts, and accounts with expired passwords to login when using PAM authentication. Therefore, unprivileged expired accounts that have been denied access could still login.

6.1    2018-03-12  CVE-2017-2661

ClusterLabs pcs before version 0.9.157 is vulnerable to cross-site scripting due to improper validation of the Node name field when creating a new cluster or adding an existing cluster.

8.1    2017-04-21  CVE-2016-0721

Session fixation vulnerability in pcsd in pcs before 0.9.157.

8.8    2017-04-21  CVE-2016-0720

Cross-site request forgery (CSRF) vulnerability in pcsd web UI in pcs before 0.9.149.

CWE : Common Weakness Enumeration

%        Id       Name
20% (1)  CWE-384  Session Fixation
20% (1)  CWE-352  Cross-Site Request Forgery (CSRF)
20% (1)  CWE-287  Improper Authentication
20% (1)  CWE-276  Incorrect Default Permissions
20% (1)  CWE-79   Failure to Preserve Web Page Structure ('Cross-site Scripting')

Nessus® Vulnerability Scanner

Date        Description
2017-04-04 Name: The remote Fedora host is missing a security update.
File: fedora_2017-71e69a691b.nasl - Type: ACT_GATHER_INFO
2017-04-04 Name: The remote Fedora host is missing a security update.
File: fedora_2017-7accc8010b.nasl - Type: ACT_GATHER_INFO
2016-12-15 Name: The remote Scientific Linux host is missing one or more security updates.
File: sl_20161103_pcs_on_SL7_x.nasl - Type: ACT_GATHER_INFO
2016-11-28 Name: The remote CentOS host is missing a security update.
File: centos_RHSA-2016-2596.nasl - Type: ACT_GATHER_INFO
2016-11-04 Name: The remote Red Hat host is missing one or more security updates.
File: redhat-RHSA-2016-2596.nasl - Type: ACT_GATHER_INFO
2016-03-04 Name: The remote Fedora host is missing a security update.
File: fedora_2016-3b20c4ec9d.nasl - Type: ACT_GATHER_INFO
2016-03-04 Name: The remote Fedora host is missing a security update.
File: fedora_2016-cdd4228cc7.nasl - Type: ACT_GATHER_INFO