CVE-2018-1086

Description

pcs before versions 0.9.164 and 0.10 is vulnerable to a debug parameter removal bypass. REST interface of the pcsd service did not properly remove the pcs debug argument from the /run_pcs query, possibly disclosing sensitive information. A remote attacker with a valid token could use this flaw to elevate their privilege.

CVSS Metrics

• v3.0•MEDIUM•Score: 4.3CVSS:3.0/AV:N/AC:L/PR:L/UI:N/S:U/C:L/I:N/A:N
• v3.0•HIGH•Score: 7.5CVSS:3.0/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:N/A:N
• v2.0•MEDIUM•Score: 5AV:N/AC:L/Au:N/C:P/I:N/A:N

EPSS Trends

Current EPSS score: 0.20%• Percentile: 42%

Techniques & Countermeasures

• CWE-200•Exposure of Sensitive Information to an Unauthorized Actor

  The product exposes sensitive information to an actor that is not explicitly authorized to have access to that information.

• CWE-20•Improper Input Validation

  The product receives input or data, but it does not validate or incorrectly validates that the input has the properties that are required to process the data safely and correctly.

Affected Systems

• clusterlabs•pacemaker_command_line_interface

  0.9.164 | 0.10

• debian•debian_linux

  9.0

• redhat•enterprise_linux_server_eus

  7.5 | 7.6

• redhat•pcs

  pcs 0.9.164 | pcs 0.10

References (4)

• https://bugzilla.redhat.com/show_bug.cgi?id=CVE-2018-1086
• https://access.redhat.com/errata/RHSA-2018:1060
• https://access.redhat.com/errata/RHSA-2018:1927
• https://www.debian.org/security/2018/dsa-4169