CVE-2018-1079

Advisory lineage Upstream: 0 Downstream: 3
Modified
Published: 12 Apr 2018, 17:00
Last modified:05 Aug 2024, 03:51

Vulnerability Summary

Overall Risk (default)
medium
35/100
CVSS Score
8.7 HIGH
v3.0 (cve.org)
EPSS Score
0.41% LOW
0% probability 0.00%
KEV
Not listed
Ransomware
No reports
Public exploits
None found
Dark Web
Not detected

Timeline

12 Apr 2018, 17:00
Published
Vulnerability first disclosed
05 Aug 2024, 03:51
Last Modified
Vulnerability information updated

Description

pcs before version 0.9.164 and 0.10 is vulnerable to a privilege escalation via authorized user malicious REST call. The REST interface of the pcsd service did not properly sanitize the file name from the /remote/put_file query. If the /etc/booth directory exists, an authenticated attacker with write permissions could create or overwrite arbitrary files with arbitrary data outside of the /etc/booth directory, in the context of the pcsd process.

CVSS Metrics

  • v3.0HIGHScore: 8.7CVSS:3.0/AV:N/AC:L/PR:H/UI:N/S:C/C:N/I:H/A:H
  • v3.0MEDIUMScore: 6.5CVSS:3.0/AV:N/AC:L/PR:L/UI:N/S:U/C:N/I:H/A:N
  • v2.0MEDIUMScore: 4AV:N/AC:L/Au:S/C:N/I:P/A:N

EPSS Trends

Current EPSS score: 0.41% Percentile: 61%

Techniques & Countermeasures

  • CWE-22Improper Limitation of a Pathname to a Restricted Directory ('Path Traversal')

    The product uses external input to construct a pathname that is intended to identify a file or directory that is located underneath a restricted parent directory, but the product does not properly neutralize special elements within the pathname that can cause the pathname to resolve to a location that is outside of the restricted directory.

  • CWE-552Files or Directories Accessible to External Parties

    The product makes files or directories accessible to unauthorized actors, even though they should not be.

Affected Systems

  • clusterlabspacemaker_command_line_interface

    ≤ 0.9.164 | 0.10

  • redhatenterprise_linux

    7.0 | 7.5

  • unspecifiedpcs

    pcs 0.9.164 | pcs 0.10

References (2)