Vulnerabilities > Clusterlabs > PCS

DATE CVE VULNERABILITY TITLE RISK
2023-05-17 CVE-2023-2319 It was discovered that an update for PCS package in RHBA-2023:2151 erratum released as part of Red Hat Enterprise Linux 9.2 failed to include the fix for the Webpack issue CVE-2023-28154 (for PCS package), which was previously addressed in Red Hat Enterprise Linux 9.1 via erratum RHSA-2023:1591.
network
low complexity
clusterlabs redhat
critical
 9.8
9.8
2022-09-06 CVE-2022-2735 Incorrect Default Permissions vulnerability in multiple products
A vulnerability was found in the PCS project.
local
low complexity
clusterlabs debian CWE-276
7.8
7.8
2022-03-25 CVE-2022-1049 Improper Authentication vulnerability in multiple products
A flaw was found in the Pacemaker configuration tool (pcs).
network
low complexity
clusterlabs debian CWE-287
8.8
8.8
2018-03-12 CVE-2017-2661 Cross-site Scripting vulnerability in Clusterlabs PCS
ClusterLabs pcs before version 0.9.157 is vulnerable to a cross-site scripting vulnerability due to improper validation of Node name field when creating new cluster or adding existing cluster. 		4.3
4.3
2017-04-21 CVE-2016-0721 Session Fixation vulnerability in multiple products
Session fixation vulnerability in pcsd in pcs before 0.9.157.
network
low complexity
clusterlabs redhat fedoraproject CWE-384
8.1
8.1
2017-04-21 CVE-2016-0720 Cross-Site Request Forgery (CSRF) vulnerability in multiple products
Cross-site request forgery (CSRF) vulnerability in pcsd web UI in pcs before 0.9.149.
network
low complexity
clusterlabs redhat fedoraproject CWE-352
8.8
8.8