Vulnerabilities > Clusterlabs

DATE CVE VULNERABILITY TITLE RISK
2018-04-12 CVE-2018-1086 Information Exposure vulnerability in multiple products
pcs before versions 0.9.164 and 0.10 is vulnerable to a debug parameter removal bypass.
network
low complexity
clusterlabs debian redhat CWE-200
7.5
7.5
2018-03-12 CVE-2017-2661 Cross-site Scripting vulnerability in Clusterlabs PCS
ClusterLabs pcs before version 0.9.157 is vulnerable to a cross-site scripting vulnerability due to improper validation of Node name field when creating new cluster or adding existing cluster.
network
low complexity
clusterlabs CWE-79
6.1
6.1
2017-04-21 CVE-2016-0721 Session Fixation vulnerability in multiple products
Session fixation vulnerability in pcsd in pcs before 0.9.157.
network
low complexity
clusterlabs redhat fedoraproject CWE-384
8.1
8.1
2017-04-21 CVE-2016-0720 Cross-Site Request Forgery (CSRF) vulnerability in multiple products
Cross-site request forgery (CSRF) vulnerability in pcsd web UI in pcs before 0.9.149.
network
low complexity
clusterlabs redhat fedoraproject CWE-352
8.8
8.8
2017-03-24 CVE-2016-7797 7PK - Security Features vulnerability in multiple products
Pacemaker before 1.1.15, when using pacemaker remote, might allow remote attackers to cause a denial of service (node disconnection) via an unauthenticated connection. 		7.5
7.5