Vulnerabilities > Clusterlabs > PCS > 0.9.37

DATE CVE VULNERABILITY TITLE RISK
2022-03-25 CVE-2022-1049 Improper Authentication vulnerability in multiple products
A flaw was found in the Pacemaker configuration tool (pcs).
network
low complexity
clusterlabs debian CWE-287
8.8
8.8
2018-03-12 CVE-2017-2661 Cross-site Scripting vulnerability in Clusterlabs PCS
ClusterLabs pcs before version 0.9.157 is vulnerable to a cross-site scripting vulnerability due to improper validation of Node name field when creating new cluster or adding existing cluster. 		4.3
4.3
2017-04-21 CVE-2016-0721 Session Fixation vulnerability in multiple products
Session fixation vulnerability in pcsd in pcs before 0.9.157.
network
low complexity
clusterlabs redhat fedoraproject CWE-384
8.1
8.1
2017-04-21 CVE-2016-0720 Cross-Site Request Forgery (CSRF) vulnerability in multiple products
Cross-site request forgery (CSRF) vulnerability in pcsd web UI in pcs before 0.9.149.
network
low complexity
clusterlabs redhat fedoraproject CWE-352
8.8
8.8