3 matches found
DEBIAN-CVE-2016-0720
Cross-site request forgery CSRF vulnerability in pcsd web UI in pcs before 0.9.149...
PT-2017-7645 · Pacemaker +2 · Pcsd +2
Name of the Vulnerable Software and Affected Versions: pcsd versions prior to 0.9.149 Description: The issue is related to a cross-site request forgery CSRF vulnerability in the pcsd web UI. This type of vulnerability allows an attacker to trick a user into performing unintended actions on a web...
pcs: improper web session variable signing
It was found that the pcs daemon did not sign cookies containing session data that were sent to clients connecting via the pcsd web UI. A remote attacker could use this flaw to forge cookies and bypass authorization checks, possibly gaining elevated privileges in the pcsd web UI...