82 matches found
Amazon Linux 2 : pcs (ALAS-2018-1005)
Debug parameter removal bypass, allowing information disclosure It was found that the REST interface of the pcsd service did not properly remove the pcs debug argument from the /runpcs query, possibly disclosing sensitive information. A remote attacker with a valid token could use this flaw to...
Privilege escalation
pcs before version 0.9.164 and 0.10 is vulnerable to a privilege escalation via authorized user malicious REST call. The REST interface of the pcsd service did not properly sanitize the file name from the /remote/putfile query. If the /etc/booth directory exists, an authenticated attacker with...
CVE-2018-1079
pcs before version 0.9.164 and 0.10 is vulnerable to a privilege escalation via authorized user malicious REST call. The REST interface of the pcsd service did not properly sanitize the file name from the /remote/putfile query. If the /etc/booth directory exists, an authenticated attacker with...
DEBIAN-CVE-2018-1079
pcs before version 0.9.164 and 0.10 is vulnerable to a privilege escalation via authorized user malicious REST call. The REST interface of the pcsd service did not properly sanitize the file name from the /remote/putfile query. If the /etc/booth directory exists, an authenticated attacker with...
UBUNTU-CVE-2018-1079
pcs before version 0.9.164 and 0.10 is vulnerable to a privilege escalation via authorized user malicious REST call. The REST interface of the pcsd service did not properly sanitize the file name from the /remote/putfile query. If the /etc/booth directory exists, an authenticated attacker with...
CVE-2018-1079
pcs before version 0.9.164 and 0.10 is vulnerable to a privilege escalation via authorized user malicious REST call. The REST interface of the pcsd service did not properly sanitize the file name from the /remote/putfile query. If the /etc/booth directory exists, an authenticated attacker with...
CVE-2018-1079
pcs before version 0.9.164 and 0.10 is vulnerable to a privilege escalation via authorized user malicious REST call. The REST interface of the pcsd service did not properly sanitize the file name from the /remote/putfile query. If the /etc/booth directory exists, an authenticated attacker with...
CVE-2018-1079
pcs before version 0.9.164 and 0.10 is vulnerable to a privilege escalation via authorized user malicious REST call. The REST interface of the pcsd service did not properly sanitize the file name from the /remote/putfile query. If the /etc/booth directory exists, an authenticated attacker with...
Privilege escalation
pcs before versions 0.9.164 and 0.10 is vulnerable to a debug parameter removal bypass. REST interface of the pcsd service did not properly remove the pcs debug argument from the /runpcs query, possibly disclosing sensitive information. A remote attacker with a valid token could use this flaw to...
UBUNTU-CVE-2018-1086
pcs before versions 0.9.164 and 0.10 is vulnerable to a debug parameter removal bypass. REST interface of the pcsd service did not properly remove the pcs debug argument from the /runpcs query, possibly disclosing sensitive information. A remote attacker with a valid token could use this flaw to...
DEBIAN-CVE-2018-1086
pcs before versions 0.9.164 and 0.10 is vulnerable to a debug parameter removal bypass. REST interface of the pcsd service did not properly remove the pcs debug argument from the /runpcs query, possibly disclosing sensitive information. A remote attacker with a valid token could use this flaw to...
CVE-2018-1086
CVE-2018-1086 affects the pcs/pcsd REST interface where the debug argument is not removed from the /run_pcs query, allowing information disclosure and privilege escalation for a remote attacker with a valid token. Affected are pcs before versions 0.9.164 and 0.10 (per multiple advisories). Remedi...
pcs: Privilege escalation via authorized user malicious REST call
It was found that the REST interface of the pcsd service did not properly sanitize the file name from the /remote/putfile query. If the /etc/booth directory exists, an authenticated attacker with write permissions could create or overwrite arbitrary files with arbitrary data outside of the...
CVE-2018-1079
It was found that the REST interface of the pcsd service did not properly sanitize the file name from the /remote/putfile query. If the /etc/booth directory exists, an authenticated attacker with write permissions could create or overwrite arbitrary files with arbitrary data outside of the...
CVE-2018-1086
It was found that the REST interface of the pcsd service did not properly remove the pcs debug argument from the /runpcs query, possibly disclosing sensitive information. A remote attacker with a valid token could use this flaw to elevate their privilege...
Cross site request forgery (csrf)
Cross-site request forgery CSRF vulnerability in pcsd web UI in pcs before 0.9.149...
CVE-2016-0721
Session fixation vulnerability in pcsd in pcs before 0.9.157...
Session fixation
Session fixation vulnerability in pcsd in pcs before 0.9.157...
CVE-2016-0720
Cross-site request forgery CSRF vulnerability in pcsd web UI in pcs before 0.9.149...
CVE-2016-0721
Session fixation vulnerability in pcsd in pcs before 0.9.157...