CVE-2018-1086

Опубликовано: 09 апр. 2018

Источник: redhat

CVSS3: 4.3

Описание

pcs before versions 0.9.164 and 0.10 is vulnerable to a debug parameter removal bypass. REST interface of the pcsd service did not properly remove the pcs debug argument from the /run_pcs query, possibly disclosing sensitive information. A remote attacker with a valid token could use this flaw to elevate their privilege.

It was found that the REST interface of the pcsd service did not properly remove the pcs debug argument from the /run_pcs query, possibly disclosing sensitive information. A remote attacker with a valid token could use this flaw to elevate their privilege.

Затронутые пакеты

Платформа	Пакет	Состояние	Рекомендация	Релиз
Red Hat Enterprise Linux 8	pcs	Not affected
Red Hat Storage 3	pcs	Not affected
Red Hat Enterprise Linux 6	pcs	Fixed	RHSA-2018:1927	19.06.2018
Red Hat Enterprise Linux 7	pcs	Fixed	RHSA-2018:1060	10.04.2018

Показывать по

Ссылки на источники

Дополнительная информация

Статус:

Moderate

Дефект:

CWE-20

https://bugzilla.redhat.com/show_bug.cgi?id=1557366pcs: Debug parameter removal bypass, allowing information disclosure

4.3 Medium

CVSS3

Связанные уязвимости

CVE-2018-1086

CVSS3: 4.3

ubuntu

больше 7 лет назад

CVE-2018-1086

CVSS3: 4.3

nvd

больше 7 лет назад

CVE-2018-1086

CVSS3: 4.3

debian

больше 7 лет назад

pcs before versions 0.9.164 and 0.10 is vulnerable to a debug paramete ...

GHSA-p9pc-vgv7-x9j9

CVSS3: 7.5

github

больше 3 лет назад

ELSA-2018-1060

oracle-oval

больше 7 лет назад

ELSA-2018-1060: pcs security update (IMPORTANT)

4.3 Medium

CVSS3