Clusterlabs : Security Vulnerabilities, CVEs, (Information Leak)
pcs before versions 0.9.164 and 0.10 is vulnerable to a debug parameter removal bypass. REST interface of the pcsd service did not properly remove the pcs debug argument from the /run_pcs query, possibly disclosing sensitive information. A remote attacker with a valid token could use this flaw to elevate their privilege.
Max CVSS
7.5
EPSS Score
0.58%
Published
2018-04-12
Updated
2019-10-09
1 vulnerabilities found