CVE-2022-2735

Published: 01 Sep 2022
Source: redhat
CVSS3: 8.4
EPSS: Low

Description

A vulnerability was found in the PCS project. This issue occurs due to incorrect permissions on a Unix socket used for internal communication between PCS daemons. A privilege escalation could happen by obtaining an authentication token for a hacluster user. With the "hacluster" token, this flaw allows an attacker to have complete control over the cluster managed by PCS.

Report

The bug was introduced in PCS version 0.10.5 upstream by this bugzilla. https://bugzilla.redhat.com/show_bug.cgi?id=1783106

Affected packages

| Platform | Package | Status | Advisory | Release |
| --- | --- | --- | --- | --- |
| Red Hat Enterprise Linux 7 | pcs | Not affected | | |
| Red Hat Enterprise Linux 8 | pcs | Fixed | RHSA-2022:6314 | 01.09.2022 |
| Red Hat Enterprise Linux 8.2 Extended Update Support | pcs | Fixed | RHSA-2022:6341 | 05.09.2022 |
| Red Hat Enterprise Linux 8.4 Extended Update Support | pcs | Fixed | RHSA-2022:6312 | 01.09.2022 |
| Red Hat Enterprise Linux 9 | pcs | Fixed | RHSA-2022:6313 | 01.09.2022 |

Additional information

Status: Important
Defect: CWE-276
https://bugzilla.redhat.com/show_bug.cgi?id=2116815 pcs: obtaining an authentication token for hacluster user could lead to privilege escalation

EPSS

Percentile: 10%
0.00037
Low

8.4 High

CVSS3

Related vulnerabilities

CVSS3: 7.8
ubuntu
about 3 years ago

A vulnerability was found in the PCS project. This issue occurs due to incorrect permissions on a Unix socket used for internal communication between PCS daemons. A privilege escalation could happen by obtaining an authentication token for a hacluster user. With the "hacluster" token, this flaw allows an attacker to have complete control over the cluster managed by PCS.

CVSS3: 7.8
nvd
about 3 years ago

A vulnerability was found in the PCS project. This issue occurs due to incorrect permissions on a Unix socket used for internal communication between PCS daemons. A privilege escalation could happen by obtaining an authentication token for a hacluster user. With the "hacluster" token, this flaw allows an attacker to have complete control over the cluster managed by PCS.

CVSS3: 7.8
debian
about 3 years ago

A vulnerability was found in the PCS project. This issue occurs due to ...

CVSS3: 7.8
github
about 3 years ago

A vulnerability was found in the PCS project. This issue occurs due to incorrect permissions on a Unix socket used for internal communication between PCS daemons. A privilege escalation could happen by obtaining an authentication token for a hacluster user. With the "hacluster" token, this flaw allows an attacker to have complete control over the cluster managed by PCS.

oracle-oval
about 3 years ago

ELSA-2022-9754: pcs security update (IMPORTANT)
