2 matches found
CVE-2018-1086
CVE-2018-1086 affects the pcs/pcsd REST interface where the debug argument is not removed from the /run_pcs query, allowing information disclosure and privilege escalation for a remote attacker with a valid token. Affected are pcs before versions 0.9.164 and 0.10 (per multiple advisories). Remedi...
CVE-2018-1079
CVE-2018-1079 affects the pcsd REST interface. An authenticated user with write permissions can exploit an improper file-name sanitization in /remote/put_file to create or overwrite arbitrary files outside of /etc/booth, gaining privilege escalation in the pcsd process. Affected: pcs before 0.9.1...