Lucene search
RedHatRHSA-2022:7343HistoryNov 02, 2022 - 4:05 p.m.
(RHSA-2022:7343) Important: pcs security update
2022-11-0216:05:00
access.redhat.com
172
10 High
CVSS3
Attack Vector
NETWORK
Attack Complexity
LOW
Privileges Required
NONE
User Interaction
NONE
Scope
CHANGED
Confidentiality Impact
HIGH
Integrity Impact
HIGH
Availability Impact
HIGH
CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:C/C:H/I:H/A:H
7.5 High
CVSS2
Access Vector
NETWORK
Access Complexity
LOW
Authentication
NONE
Confidentiality Impact
PARTIAL
Integrity Impact
PARTIAL
Availability Impact
PARTIAL
AV:N/AC:L/Au:N/C:P/I:P/A:P
0.035 Low
EPSS
Percentile
91.5%
The pcs packages provide a command-line configuration system for the Pacemaker and Corosync utilities.
Security Fix(es):
-
rubygem-rack: crafted requests can cause shell escape sequences (CVE-2022-30123)
-
jquery: Prototype pollution in object’s prototype leading to denial of service, remote code execution, or property injection (CVE-2019-11358)
For more details about the security issue(s), including the impact, a CVSS score, acknowledgments, and other related information, refer to the CVE page(s) listed in the References section.
| OS | Version | Architecture | Package | Version | Filename |
|---|---|---|---|---|---|
| RedHat | 7 | s390x | pcs | < 0.9.169-3.el7_9.3 | pcs-0.9.169-3.el7_9.3.s390x.rpm |
| RedHat | 7 | ppc64le | pcs-snmp | < 0.9.169-3.el7_9.3 | pcs-snmp-0.9.169-3.el7_9.3.ppc64le.rpm |
| RedHat | 7 | s390x | pcs-debuginfo | < 0.9.169-3.el7_9.3 | pcs-debuginfo-0.9.169-3.el7_9.3.s390x.rpm |
| RedHat | 7 | x86_64 | pcs-snmp | < 0.9.169-3.el7_9.3 | pcs-snmp-0.9.169-3.el7_9.3.x86_64.rpm |
| RedHat | 7 | x86_64 | pcs | < 0.9.169-3.el7_9.3 | pcs-0.9.169-3.el7_9.3.x86_64.rpm |
| RedHat | 7 | s390x | pcs-snmp | < 0.9.169-3.el7_9.3 | pcs-snmp-0.9.169-3.el7_9.3.s390x.rpm |
| RedHat | 7 | ppc64le | pcs-debuginfo | < 0.9.169-3.el7_9.3 | pcs-debuginfo-0.9.169-3.el7_9.3.ppc64le.rpm |
| RedHat | 7 | x86_64 | pcs-debuginfo | < 0.9.169-3.el7_9.3 | pcs-debuginfo-0.9.169-3.el7_9.3.x86_64.rpm |
| RedHat | 7 | ppc64le | pcs | < 0.9.169-3.el7_9.3 | pcs-0.9.169-3.el7_9.3.ppc64le.rpm |
Related
nessus
nessus
RHEL 7 : pcs (RHSA-2022:7343)
2022-11-03 00:00:00
Oracle Linux 7 : pcs (ELSA-2022-7343)
2022-11-03 00:00:00
Scientific Linux Security Update : pcs on SL7.x x86_64 (2022:7343)
2022-11-10 00:00:00
oraclelinux
oraclelinux
pcs security update
2022-11-03 00:00:00
ipa security and bug fix update
2021-03-19 00:00:00
bootstrap security update
2021-08-09 00:00:00
ibm
ibm
redhat
redhat
(RHSA-2021:4142) Low: pcs security, bug fix, and enhancement update
2021-11-09 08:21:49
(RHSA-2020:1325) Moderate: python-XStatic-jQuery security update
2020-04-06 08:40:52
(RHSA-2021:0860) Moderate: ipa security and bug fix update
2021-03-16 10:27:14
rocky
rocky
pcs security, bug fix, and enhancement update
2021-11-09 08:21:49
idm:DL1 and idm:client security, bug fix, and enhancement update
2021-05-18 06:14:07
altlinux
altlinux
Security fix for the ALT Linux 9 package phpipam version 1.42.027-alt1
2020-10-21 00:00:00
osv
osv
Low: pcs security, bug fix, and enhancement update
2021-11-09 08:21:49
Possible shell escape sequence injection vulnerability in Rack
2022-05-27 16:36:51
CVE-2022-30123
2022-12-05 22:15:10
hackerone
hackerone
Ruby on Rails: Escape Sequence Injection vulnerability in Rack
2021-11-29 12:44:26
github
github
Possible shell escape sequence injection vulnerability in Rack
2022-05-27 16:36:51
XSS in jQuery as used in Drupal, Backdrop CMS, and other products
2019-04-26 16:29:11
Potential XSS vulnerability in jQuery
2020-04-29 22:19:14
redhatcve
redhatcve
veracode
veracode
OS Command Injection
2022-05-30 06:53:55
Prototype Pollution
2019-04-22 03:41:01
Cross-Site Scripting (XSS)
2020-04-30 02:21:22
ubuntucve
ubuntucve
debiancve
debiancve
cve
cve
prion
prion
Design/Logic Flaw
2022-12-05 22:15:00
Design/Logic Flaw
2019-04-20 00:29:00
Code injection
2020-04-29 21:15:00
githubexploit
githubexploit
Exploit for Cross-site Scripting in Jquery
2020-04-14 19:12:01
Exploit for Prototype Pollution in Jquery
2020-12-01 09:18:58
Exploit for Prototype Pollution in Jquery
2021-03-08 11:34:11
debian
debian
[SECURITY] [DSA 4434-1] drupal7 security update
2019-04-20 12:03:09
[SECURITY] [DLA 2118-1] otrs2 security update
2020-02-24 17:03:32
[SECURITY] [DLA 1777-1] jquery security update
2019-05-06 07:42:05
atlassian
atlassian
Address CVE-2019-11358 in the bundled version of jQuery
2019-07-08 22:57:45
jQuery 2.2.4 is vulnerable to prototype pollution
2019-05-13 01:57:29
jQuery 2.2.4 is vulnerable to prototype pollution
2019-05-13 01:57:29
joomla
joomla
[20190403] - Core - Object.prototype pollution in JQuery $.extend
2019-03-25 00:00:00
drupal
drupal
Drupal core - Moderately critical - Cross Site Scripting - SA-CORE-2019-006
2019-04-17 00:00:00
openvas
openvas
Django jQuery Vulnerability - Linux
2019-06-26 00:00:00
Django jQuery Vulnerability - Windows
2019-06-26 00:00:00
Debian: Security Advisory (DLA-1777-1)
2019-05-07 00:00:00
alpinelinux
alpinelinux
CVE-2019-11358
2019-04-20 00:29:00
CVE-2020-11023
2020-04-29 21:15:00
typo3
typo3
Cross-Site Scripting in jQuery before 3.4.0
2019-05-07 00:00:00
f5
f5
K20455158 : jQuery vulnerability CVE-2019-11358
2020-04-14 00:00:00
K66544153 : jQuery vulnerability CVE-2020-11023
2020-08-03 00:00:00
symantec
symantec
JQuery CVE-2019-11358 Cross Site Scripting Vulnerability
2019-04-17 00:00:00
ics
ics
Sensormatic Electronics VideoEdge
2021-11-02 12:00:00
almalinux
almalinux
Moderate: idm:DL1 and idm:client security, bug fix, and enhancement update
2021-05-18 06:14:07
zdt
zdt
jQuery 1.0.3 - Cross-Site Scripting Vulnerability
2021-04-14 00:00:00
packetstorm
packetstorm
jQuery 1.0.3 Cross Site Scripting
2021-04-14 00:00:00
amazon
amazon
checkpoint_advisories
checkpoint_advisories
jQuery Prototype Pollution Object Cross-Site Scripting (CVE-2019-11358)
2019-04-29 00:00:00
jQuery Cross Site Scripting (CVE-2020-11022; CVE-2020-11023)
2020-11-16 00:00:00
fedora
fedora
[SECURITY] Fedora 30 Update: drupal7-7.66-1.fc30
2019-05-09 01:34:20
[SECURITY] Fedora 29 Update: drupal7-7.66-1.fc29
2019-05-09 03:18:10
rubygems
rubygems
Possible shell escape sequence injection vulnerability in Rack
2022-06-26 21:00:00
redos
redos
ROS-20220706-02
2022-07-06 00:00:00
ubuntu
ubuntu
Rack vulnerabilities
2023-02-27 00:00:00
suse
suse
Security update for rubygem-rack (critical)
2022-06-27 00:00:00
Security update for otrs (moderate)
2020-11-10 00:00:00
mageia
mageia
Updated ruby-rack packages fix security vulnerability
2022-07-05 22:11:26
gentoo
gentoo
Rack: Multiple Vulnerabilities
2023-10-30 00:00:00
exploitdb
exploitdb
jQuery 1.0.3 - Cross-Site Scripting (XSS)
2021-04-14 00:00:00
attackerkb
attackerkb
CVE-2019-11358
2019-04-20 00:00:00
CVE-2020-11022
2020-04-29 00:00:00
freebsd
freebsd
Django -- AdminURLFieldWidget XSS
2019-06-03 00:00:00
cnvd
cnvd
Silverstripe framework cross-site scripting vulnerability
2022-11-23 00:00:00
archlinux
archlinux
[ASA-201906-2] python-django: cross-site scripting
2019-06-04 00:00:00
10 High
CVSS3
Attack Vector
NETWORK
Attack Complexity
LOW
Privileges Required
NONE
User Interaction
NONE
Scope
CHANGED
Confidentiality Impact
HIGH
Integrity Impact
HIGH
Availability Impact
HIGH
CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:C/C:H/I:H/A:H
7.5 High
CVSS2
Access Vector
NETWORK
Access Complexity
LOW
Authentication
NONE
Confidentiality Impact
PARTIAL
Integrity Impact
PARTIAL
Availability Impact
PARTIAL
AV:N/AC:L/Au:N/C:P/I:P/A:P
0.035 Low
EPSS
Percentile
91.5%
Related for RHSA-2022:7343