ClusterLabs PCS 0.9.70

CPE Details

ClusterLabs PCS 0.9.70
clusterlabs
pcs
0.9.70
2019-06-17
15h15 +00:00
2019-06-17
15h15 +00:00
CPE NVD
Alerte pour un CPE
Stay informed of any changes for a specific CPE.
Notifications manage

CPE Name: cpe:2.3:a:clusterlabs:pcs:0.9.70:*:*:*:*:*:*:*

Informations

Vendor

clusterlabs

Product

pcs

Version

0.9.70

Related CVE

Open and find in CVE List

CVE ID Published Description Score Severity
CVE-2022-1049 2022-03-25 17h03 +00:00 A flaw was found in the Pacemaker configuration tool (pcs). The pcs daemon was allowing expired accounts, and accounts with expired passwords to login when using PAM authentication. Therefore, unprivileged expired accounts that have been denied access could still login.
8.8
High
CVE-2017-2661 2018-03-12 15h00 +00:00 ClusterLabs pcs before version 0.9.157 is vulnerable to a cross-site scripting vulnerability due to improper validation of Node name field when creating new cluster or adding existing cluster.
6.1
Medium
CVE-2016-0720 2017-04-21 13h00 +00:00 Cross-site request forgery (CSRF) vulnerability in pcsd web UI in pcs before 0.9.149.
8.8
High
CVE-2016-0721 2017-04-21 13h00 +00:00 Session fixation vulnerability in pcsd in pcs before 0.9.157.
8.1
High
The information presented on CVE Find originates from several carefully selected reference sources. CVE data is provided by MITRE Corporation and the National Vulnerability Database (NVD). The Known Exploited Vulnerabilities (KEV) catalog is sourced from the Cybersecurity and Infrastructure Security Agency (CISA), while EPSS scores come from FIRST.org. Additionally, data regarding software weaknesses (CWE) and common attack patterns (CAPEC) is maintained by MITRE Corporation, and information on hardware and software configurations (CPE) is provided by the NVD.