Description
pcs before versions 0.9.164 and 0.10 is vulnerable to a debug parameter removal bypass. The REST interface of the pcsd service did not properly remove the pcs debug argument from the /run_pcs query, possibly disclosing sensitive information. A remote attacker with a valid token could use this flaw to elevate their privilege.

| Release | Status | Note |
|---|---|---|
| artful | ignored | end of life |
| bionic | not-affected | 0.9.164-1 |
| cosmic | ignored | end of life |
| devel | not-affected | 0.10.1-2 |
| disco | not-affected | 0.10.1-2 |
| eoan | not-affected | 0.10.1-2 |
| esm-apps/bionic | not-affected | 0.9.164-1 |
| esm-apps/focal | not-affected | 0.10.1-2 |
| esm-apps/jammy | not-affected | 0.10.1-2 |
| esm-apps/xenial | released | 0.9.149-1ubuntu1.1+esm1 |
EPSS
CVSS2: 5 Medium
CVSS3: 4.3 Medium