CVE-2018-1086

pcs before versions 0.9.164 and 0.10 is vulnerable to a debug parameter removal bypass. The REST interface of the pcsd service did not properly remove the pcs debug argument from the /run_pcs query, possibly disclosing sensitive information. A remote attacker with a valid token could use this flaw to elevate their privilege.

Published: 2018-04-12 16:29
Updated: 2019-10-09 23:38

CVSS Score: 5.0 / 10

| Vendor | Product | Version | URI |
|---|---|---|---|
| Redhat | Enterprise Linux Server Eus | 7.5 | cpe:/o:redhat:enterprise_linux_server_eus:7.5 |
| Redhat | Enterprise Linux Server Eus | 7.6 | cpe:/o:redhat:enterprise_linux_server_eus:7.6 |
| Clusterlabs | Pacemaker Command Line Interface | 0.9.164 | cpe:/a:clusterlabs:pacemaker_command_line_interface:0.9.164 |
| Clusterlabs | Pacemaker Command Line Interface | 0.10 | cpe:/a:clusterlabs:pacemaker_command_line_interface:0.10 |
| Debian | Debian Linux | 9.0 | cpe:/o:debian:debian_linux:9.0 |

  1. Clusterlabs (1)
    1. Pacemaker Command Line Interface (2)
      1. 0.9.164
      2. 0.10
  2. Redhat (1)
    1. Enterprise Linux Server Eus (2)
      1. 7.5
      2. 7.6
  3. Debian (1)
    1. Debian Linux (1)
      1. 9.0

CWE

| ID | Name | Description |
|---|---|---|
| CWE-200 | Information Exposure | An information exposure is the intentional or unintentional disclosure of information to an actor that is not explicitly authorized to have access to that information. |

History of changes

Date Event
2019-03-20 15:01
2018-06-20 01:29
2018-05-17 15:54
2018-04-16 09:58
2018-04-12 16:29 New CVE