CVE-2022-2735

Published: 01 Sep 2022
Source: redhat
CVSS3: 8.4

Description

A vulnerability was found in the PCS project. This issue occurs due to incorrect permissions on a Unix socket used for internal communication between PCS daemons. A privilege escalation could happen by obtaining an authentication token for a hacluster user. With the "hacluster" token, this flaw allows an attacker to have complete control over the cluster managed by PCS.

Report

The bug was introduced in PCS version 0.10.5 upstream by this bugzilla. https://bugzilla.redhat.com/show_bug.cgi?id=1783106

Affected packages

| Platform | Package | State | Advisory | Release |
|---|---|---|---|---|
| Red Hat Enterprise Linux 7 | pcs | Not affected | | |
| Red Hat Enterprise Linux 8 | pcs | Fixed | RHSA-2022:6314 | 01.09.2022 |
| Red Hat Enterprise Linux 8.2 Extended Update Support | pcs | Fixed | RHSA-2022:6341 | 05.09.2022 |
| Red Hat Enterprise Linux 8.4 Extended Update Support | pcs | Fixed | RHSA-2022:6312 | 01.09.2022 |
| Red Hat Enterprise Linux 9 | pcs | Fixed | RHSA-2022:6313 | 01.09.2022 |

Additional information

Status: Important
Defect: CWE-276
https://bugzilla.redhat.com/show_bug.cgi?id=2116815 pcs: obtaining an authentication token for hacluster user could lead to privilege escalation

CVSS3: 8.4 High

Related vulnerabilities

CVSS3: 7.8
ubuntu
more than 3 years ago

A vulnerability was found in the PCS project. This issue occurs due to incorrect permissions on a Unix socket used for internal communication between PCS daemons. A privilege escalation could happen by obtaining an authentication token for a hacluster user. With the "hacluster" token, this flaw allows an attacker to have complete control over the cluster managed by PCS.

CVSS3: 7.8
nvd
more than 3 years ago

A vulnerability was found in the PCS project. This issue occurs due to incorrect permissions on a Unix socket used for internal communication between PCS daemons. A privilege escalation could happen by obtaining an authentication token for a hacluster user. With the "hacluster" token, this flaw allows an attacker to have complete control over the cluster managed by PCS.

CVSS3: 7.8
debian
more than 3 years ago

A vulnerability was found in the PCS project. This issue occurs due to ...

CVSS3: 7.8
github
more than 3 years ago

A vulnerability was found in the PCS project. This issue occurs due to incorrect permissions on a Unix socket used for internal communication between PCS daemons. A privilege escalation could happen by obtaining an authentication token for a hacluster user. With the "hacluster" token, this flaw allows an attacker to have complete control over the cluster managed by PCS.

oracle-oval
more than 3 years ago

ELSA-2022-9754: pcs security update (IMPORTANT)
