vulnerability

Oracle Linux: CVE-2018-1086: ELSA-2018-1060: pcs security update (IMPORTANT)

Severity
4
CVSS
(AV:N/AC:L/Au:S/C:P/I:N/A:N)
Published
04/09/2018
Added
05/01/2018
Modified
01/07/2025

Description

pcs before versions 0.9.164 and 0.10 is vulnerable to a debug parameter removal bypass. REST interface of the pcsd service did not properly remove the pcs debug argument from the /run_pcs query, possibly disclosing sensitive information. A remote attacker with a valid token could use this flaw to elevate their privilege.
It was found that the REST interface of the pcsd service did not properly remove the pcs debug argument from the /run_pcs query, possibly disclosing sensitive information. A remote attacker with a valid token could use this flaw to elevate their privilege.

Solution(s)

oracle-linux-upgrade-pcsoracle-linux-upgrade-pcs-snmp
Title
NEW

Explore Exposure Command

Confidently identify and prioritize exposures from endpoint to cloud with full attack surface visibility and threat-aware risk context.