6 matches found
CVE-2023-2319
CVE-2023-28154 (Webpack ImportParserPlugin.js mishandling) is confirmed across multiple IBM and Red Hat related advisories in connected documents. The vulnerability could allow a remote attacker to bypass security restrictions or access the real global object. Concrete affected contexts include I...
CVE-2022-2735
CVE-2022-2735 affects the PCS project. The root cause is incorrect permissions on the Unix socket used for internal PCS daemon communication, enabling a privilege escalation by obtaining an authentication token for a hacluster user. With that token, an attacker could gain complete control over th...
CVE-2016-0720
CVE-2016-0720 is a CSRF flaw in the pcsd web UI of the ClusterLabs pcs before 0.9.149. The vulnerability allows remote attackers to trigger state-changing requests via the web interface. Affected component: pcsd web UI (pcs before 0.9.149). Documented impact is implied by CSRF risk; explicit expl...
CVE-2022-1049
CVE-2022-1049 concerns the Pacemaker configuration tool (pcs) where the daemon allowed expired accounts and accounts with expired passwords to authenticate via PAM, enabling login for unprivileged expired accounts. Connected advisories/plugins reference affected packages across multiple distribut...
CVE-2016-0721
CVE-2016-0721 describes a session fixation vulnerability in pcsd (part of the PCS/Corosync-Pacemaker tooling) affecting pcs before 0.9.157. The issue arises from how sessions are managed, potentially allowing an attacker to hijack an authenticated session. Affected product: pcs/pcsd components pr...
CVE-2017-2661
CVE-2017-2661 affects ClusterLabs pcs before version 0.9.157, which is vulnerable to a cross-site scripting (XSS) vulnerability caused by improper validation of the Node name field when creating a new cluster or adding an existing cluster. This is supported by multiple connected sources noting XS...