pcs before version 0.9.164 and 0.10 is vulnerable to a privilege escalation via authorized user malicious REST call. The REST interface of the pcsd service did not properly sanitize the file name from the /remote/put_file query. If the /etc/booth directory exists, an authenticated attacker with write permissions could create or overwrite arbitrary files with arbitrary data outside of the /etc/booth directory, in the context of the pcsd process.

Published : 2018-04-12 17:29 Updated : 2019-10-09 23:38

CVSS Score More info
Score 4.0 / 10
Vendor Product Version URI
Clusterlabs Pacemaker Command Line Interface 0.9.164 cpe:/a:clusterlabs:pacemaker_command_line_interface:0.9.164
Clusterlabs Pacemaker Command Line Interface 0.10 cpe:/a:clusterlabs:pacemaker_command_line_interface:0.10
Redhat Enterprise Linux 7.0 cpe:/o:redhat:enterprise_linux:7.0
Redhat Enterprise Linux 7.5 cpe:/o:redhat:enterprise_linux:7.5
  1. Clusterlabs (1) Search CVE
    1. Pacemaker Command Line Interface (2) Search CVE
      1. 0.9.164
      2. 0.10
  2. Redhat (1) Search CVE
    1. Enterprise Linux (2) Search CVE
      1. 7.0
      2. 7.5


ID Name Description Links
CWE-22 Improper Limitation of a Pathname to a Restricted Directory ('Path Traversal') The software uses external input to construct a pathname that is intended to identify a file or directory that is located underneath a restricted parent directory, but the software does not properly neutralize special elements within the pathname that can cause the pathname to resolve to a location that is outside of the restricted directory. CVE

History of changes

Date Event
2019-10-03 00:03
2018-05-17 15:55
2018-04-12 17:29