82 matches found
CVE-2015-5190
CVE-2015-5190 affects the pcsd web UI in PCS 0.9.139 and earlier, enabling remote authenticated users to execute arbitrary commands via escape characters in a crafted URL. The Red Hat (RHSA-2015:1700) and related advisories confirm a command injection flaw in the pcsd web UI; a separate privilege...
CVE-2015-5189
The vulnerability CVE-2015-5189 affects the pcsd component of PCS (pcsd web UI) in PCS versions up to 0.9.139. It is a race condition where a global username-validation variable can be exploited by an authenticated remote user to perform actions with higher privileges after another user is authen...
CVE-2015-5190
The pcsd web UI in PCS 0.9.139 and earlier allows remote authenticated users to execute arbitrary commands via "escape characters" in a URL...
pcs: Incorrect authorization when using pcs web UI
A race condition was found in the way the pcsd web UI backend performed authorization of user requests. An attacker could use this flaw to send a request that would be evaluated as originating from a different user, potentially allowing the attacker to perform actions with permissions of a more...
pcs: Command injection with root privileges.
A command injection flaw was found in the pcsd web UI. An attacker able to trick a victim that was logged in to the pcsd web UI into visiting a specially crafted URL could use this flaw to execute arbitrary code with root privileges on the server hosting the web UI...
PT-2015-6794 · Pcs +2 · Pcs +2
Name of the Vulnerable Software and Affected Versions: PCs versions 0.9.139 and earlier Description: The issue allows remote authenticated users to execute arbitrary commands via "escape characters" in a URL. This is related to the pcsd web UI. Recommendations: For versions 0.9.139 and earlier,...
The vulnerability of the OpenStack cloud service platform allows a hacker to execute arbitrary commands.
The vulnerability of the OpenStack cloud platform lies in the use of the default password “CHANGEME” for the pcsd daemon. Exploiting this vulnerability allows a malicious actor to execute arbitrary commands remotely...
CVE-2015-3983
The PCS vulnerability CVE-2015-3983 is in the PCS daemon (pcsd) where the Set-Cookie header did not include the HttpOnly flag in PCS 0.9.137 and earlier, enabling potential information disclosure via script access to the cookie. The issue is remote and was split from CVE-2015-1848; advisories and...
CVE-2015-1848
The CVE-2015-1848 entry concerns the PCS daemon (pcsd) in PCS 0.9.137 and earlier failing to set the Secure flag on cookies in HTTPS sessions (CVE-2015-1848); CVE-2015-3983 covers the related issue of not setting the HttpOnly flag. Multiple open-source advisories (Fedora/CentOS and related feeds)...
Scientific Linux Security Update : pcs on SL7.x x86_64 (20150512)
It was found that the pcs daemon did not sign cookies containing session data that were sent to clients connecting via the pcsd web UI. A remote attacker could use this flaw to forge cookies and bypass authorization checks, possibly gaining elevated privileges in the pcsd web UI. CVE-2015-1848 Th...
pcs, python security update
CentOS Errata and Security Advisory CESA-2015:0980 Updated pcs packages that fix one security issue and one bug are now available for Red Hat Enterprise Linux 7. Red Hat Product Security has rated this update as having Important security impact. A Common Vulnerability Scoring System CVSS base...
pcs security update
CentOS Errata and Security Advisory CESA-2015:0990 Updated pcs packages that fix one security issue and one bug are now available for Red Hat Enterprise Linux 6. Red Hat Product Security has rated this update as having Important security impact. A Common Vulnerability Scoring System CVSS base...
Important: Red Hat Security Advisory: pcs security and bug fix update
Updated pcs packages that fix one security issue and one bug are now available for Red Hat Enterprise Linux 6. Red Hat Product Security has rated this update as having Important security impact. A Common Vulnerability Scoring System CVSS base score, which gives a detailed severity rating, is...
pcs: improper web session variable signing
It was found that the pcs daemon did not sign cookies containing session data that were sent to clients connecting via the pcsd web UI. A remote attacker could use this flaw to forge cookies and bypass authorization checks, possibly gaining elevated privileges in the pcsd web UI...
Important: Red Hat Security Advisory: openstack-packstack and openstack-puppet-modules update
Updated openstack-packstack and openstack-puppet-modules packages that fix one security issue and adds one enhancement are now available for Red Hat Enterprise Linux OpenStack Platform 5.0 for Red Hat Enterprise Linux 7. Red Hat Product Security has rated this update as having Important security...
openstack-puppet-modules: pacemaker configured with default password
It was discovered that the puppet manifests, as provided with the openstack-puppet-modules package, would configure the pcsd daemon with a known default password. If this password was not changed and an attacker was able to gain access to pcsd, they could potentially run shell commands as root...
Red Hat openstack-puppet-modules trust management vulnerability
Red Hat openstack-puppet-modules is a Red Hat implementation of Puppet a configuration management tool based on a client/server architecture capable of configuring core OpenStack services. A security vulnerability in the puppet manifests in Red Hat openstack-puppet-modules versions prior to...
CVE-2015-1842
The puppet manifests in the Red Hat openstack-puppet-modules package before 2014.2.13-2 uses a default password of CHANGEME for the pcsd daemon, which allows remote attackers to execute arbitrary shell commands via unspecified vectors...
openstack-puppet-modules: pacemaker configured with default password
It was discovered that the puppet manifests, as provided with the openstack-puppet-modules package, would configure the pcsd daemon with a known default password. If this password was not changed and an attacker was able to gain access to pcsd, they could potentially run shell commands as root...
Important: Red Hat Security Advisory: openstack-packstack and openstack-puppet-modules security and bug fix update
Updated openstack-packstack and openstack-puppet-modules packages that fix one security issue and several bugs are now available for Red Hat Enterprise Linux OpenStack Platform 6.0. Red Hat Product Security has rated this update as having Important security impact. A Common Vulnerability Scoring...