UBUNTU-CVE-2017-2661

ClusterLabs pcs before version 0.9.157 is vulnerable to a cross-site scripting vulnerability due to improper validation of Node name field when creating new cluster or adding existing cluster...

Cross site scripting

ClusterLabs pcs before version 0.9.157 is vulnerable to a cross-site scripting vulnerability due to improper validation of Node name field when creating new cluster or adding existing cluster...

UBUNTU-CVE-2016-0721

Session fixation vulnerability in pcsd in pcs before 0.9.157...

CVE-2016-0721

CVE-2016-0721 describes a session fixation vulnerability in pcsd (part of the PCS/Corosync-Pacemaker tooling) affecting pcs before 0.9.157. The issue arises from how sessions are managed, potentially allowing an attacker to hijack an authenticated session. Affected product: pcs/pcsd components pr...

PT-2017-7646 · Pcs +2 · Pcsd +2

Name of the Vulnerable Software and Affected Versions: pcsd in pcs versions prior to 0.9.157 Description: The issue is related to a session fixation problem. No information is provided about the estimated number of potentially affected devices or real-world incidents where this issue was exploite...