CVE-2018-1079

pcs before version 0.9.164 and 0.10 is vulnerable to a privilege escalation via authorized user malicious REST call. The REST interface of the pcsd service did not properly sanitize the file name from the /remote/put_file query. If the /etc/booth directory exists, an authenticated attacker with write permissions could create or overwrite arbitrary files with arbitrary data outside of the /etc/booth directory, in the context of the pcsd process.
References
Link Resource
https://bugzilla.redhat.com/show_bug.cgi?id=CVE-2018-1079 Issue Tracking Third Party Advisory
https://access.redhat.com/errata/RHSA-2018:1060 Third Party Advisory
Configurations

Configuration 1

cpe:2.3:a:clusterlabs:pacemaker_command_line_interface:0.10:*:*:*:*:*:*:*
cpe:2.3:a:clusterlabs:pacemaker_command_line_interface:*:*:*:*:*:*:*:*
cpe:2.3:o:redhat:enterprise_linux:7.0:*:*:*:*:*:*:*
cpe:2.3:o:redhat:enterprise_linux:7.5:*:*:*:*:*:*:*

Information

Published : 2018-04-12 05:29

Updated : 2019-10-09 11:38


NVD link : CVE-2018-1079

Mitre link : CVE-2018-1079

Products Affected
No products.
CWE