Clusterlabs Pacemaker Command Line Interface
By the Year
In 2024 there have been 0 vulnerabilities in Clusterlabs Pacemaker Command Line Interface . Pacemaker Command Line Interface did not have any published security vulnerabilities last year.
Year | Vulnerabilities | Average Score |
---|---|---|
2024 | 0 | 0.00 |
2023 | 0 | 0.00 |
2022 | 0 | 0.00 |
2021 | 0 | 0.00 |
2020 | 0 | 0.00 |
2019 | 0 | 0.00 |
2018 | 2 | 7.00 |
It may take a day or so for new Pacemaker Command Line Interface vulnerabilities to show up in the stats or in the list of recent security vulnerabilties. Additionally vulnerabilities may be tagged under a different product or component name.
Recent Clusterlabs Pacemaker Command Line Interface Security Vulnerabilities
pcs before version 0.9.164 and 0.10 is vulnerable to a privilege escalation via authorized user malicious REST call
CVE-2018-1079
6.5 - Medium
- April 12, 2018
pcs before version 0.9.164 and 0.10 is vulnerable to a privilege escalation via authorized user malicious REST call. The REST interface of the pcsd service did not properly sanitize the file name from the /remote/put_file query. If the /etc/booth directory exists, an authenticated attacker with write permissions could create or overwrite arbitrary files with arbitrary data outside of the /etc/booth directory, in the context of the pcsd process.
Directory traversal
pcs before versions 0.9.164 and 0.10 is vulnerable to a debug parameter removal bypass
CVE-2018-1086
7.5 - High
- April 12, 2018
pcs before versions 0.9.164 and 0.10 is vulnerable to a debug parameter removal bypass. REST interface of the pcsd service did not properly remove the pcs debug argument from the /run_pcs query, possibly disclosing sensitive information. A remote attacker with a valid token could use this flaw to elevate their privilege.
Information Disclosure
Stay on top of Security Vulnerabilities
Want an email whenever new vulnerabilities are published for Red Hat Enterprise Linux Server Eus or by Clusterlabs? Click the Watch button to subscribe.