Pacemaker Command Line Interface

Submit a proposal Propose CVE/GCVE/GHSA reference

Approved changes feed: RSS · Atom

cpe:2.3:a:clusterlabs:pacemaker_command_line_interface:0.10:*:*:*:*:*:*:*

part: a version: 0.10 update: *

VendorClusterlabs (39a9ebdb-0284-5cdd-a5e6-af877468e529)
ProductPacemaker Command Line Interface (b19d2dc8-6092-5e3b-b35c-4a5b5f5a29d7)
Edition*
Language*
Software edition*
Target software*
Target hardware*
Other*
NotesImported from purl2cpe mapping

PURL mappings

PURLSourceLast updated
pkg:github/clusterlabs/pcs purl2cpe 2026-06-01 10:17:27.358364

Vulnerability references

IdentifiercpeApplicabilitySubmitteddb.gcve.eu detailsRationale
CVE:CVE-2018-1086 vulnerable 2026-06-08 05:11:16.859049 Details available
MEDIUM (4.3)
pcs before versions 0.9.164 and 0.10 is vulnerable to a debug parameter removal bypass. REST interface of the pcsd service did not properly remove the pcs debug argument from the /run_pcs query, possibly disclosing sensitive information. A remote attacker with a valid token could use this flaw to elevate their privilege.
Published: 2018-04-12T16:00:00.000Z
Updated: 2024-08-05T03:51:48.471Z
Reference links
Imported from gcve-enriched-dumps CVE data
CVE:CVE-2018-1079 vulnerable 2026-06-08 05:11:16.842834 Details available
HIGH (8.7)
pcs before version 0.9.164 and 0.10 is vulnerable to a privilege escalation via authorized user malicious REST call. The REST interface of the pcsd service did not properly sanitize the file name from the /remote/put_file query. If the /etc/booth directory exists, an authenticated attacker with write permissions could create or overwrite arbitrary files with arbitrary data outside of the /etc/booth directory, in the context of the pcsd process.
Published: 2018-04-12T17:00:00.000Z
Updated: 2024-08-05T03:51:48.682Z
Reference links
Imported from gcve-enriched-dumps CVE data

Contribute

You can submit an edit proposal for this CPE entry or suggest a related product/vendor addition using the action button above.