GCVE - cpe:2.3:a:clusterlabs:pcs:*:*:*:*:*:*:*:*

Approved changes feed: RSS · Atom

cpe:2.3:a:clusterlabs:pcs:*:*:*:*:*:*:*:*

part: a version: * update: *

Vendor	Clusterlabs (`39a9ebdb-0284-5cdd-a5e6-af877468e529`)
Product	Pcs (`f4968df9-c05d-5bbc-8361-0a2cca7774d4`)
Edition	*
Language	*
Software edition	*
Target software	*
Target hardware	*
Other	*
Notes	Imported from purl2cpe mapping

PURL mappings

PURL	Source	Last updated
`pkg:github/clusterlabs/pcs`	purl2cpe	2026-06-01 10:17:27.444918

Vulnerability references

Identifier	cpeApplicability	Submitted	db.gcve.eu details	Rationale
`CVE:CVE-2022-2735`	vulnerable	2026-06-08 05:43:36.085932	Details available A vulnerability was found in the PCS project. This issue occurs due to incorrect permissions on a Unix socket used for internal communication between PCS daemons. A privilege escalation could happen by obtaining an authentication token for a hacluster user. With the "hacluster" token, this flaw allows an attacker to have complete control over the cluster managed by PCS. Published: 2022-09-06T17:18:51.000Z Updated: 2024-08-03T00:46:04.116Z Open on db.gcve.eu Reference links https://bugzilla.redhat.com/show_bug.cgi?id=2116815 https://www.openwall.com/lists/oss-security/2022/09/01/4 https://access.redhat.com/security/cve/CVE-2022-2735 https://www.debian.org/security/2022/dsa-5226	Imported from gcve-enriched-dumps CVE data
`CVE:CVE-2022-1049`	vulnerable	2026-06-08 05:39:12.065744	Details available A flaw was found in the Pacemaker configuration tool (pcs). The pcs daemon was allowing expired accounts, and accounts with expired passwords to login when using PAM authentication. Therefore, unprivileged expired accounts that have been denied access could still login. Published: 2022-03-25T18:03:01.000Z Updated: 2024-08-02T23:47:43.257Z Open on db.gcve.eu Reference links https://huntr.dev/bounties/7aa921fc-a568-4fd8-96f4-7cd826246aa5 https://www.debian.org/security/2022/dsa-5226 https://lists.debian.org/debian-lts-announce/2022/09/msg00017.html	Imported from gcve-enriched-dumps CVE data
`CVE:CVE-2017-2661`	vulnerable	2026-06-08 05:09:24.904557	Details available ClusterLabs pcs before version 0.9.157 is vulnerable to a cross-site scripting vulnerability due to improper validation of Node name field when creating new cluster or adding existing cluster. Published: 2018-03-12T15:00:00.000Z Updated: 2024-09-16T17:28:02.146Z Open on db.gcve.eu Reference links https://github.com/ClusterLabs/pcs/commit/1874a769b5720ae5430f10c6cedd234430bc703f https://bugzilla.redhat.com/show_bug.cgi?id=1428948	Imported from gcve-enriched-dumps CVE data
`CVE:CVE-2016-0721`	vulnerable	2026-06-08 05:07:15.907880	Details available Session fixation vulnerability in pcsd in pcs before 0.9.157. Published: 2017-04-21T15:00:00.000Z Updated: 2024-08-05T22:30:04.084Z Open on db.gcve.eu Reference links https://github.com/ClusterLabs/pcs/commit/bc6ad9086857559db57f4e3e6de66762291c0774 https://bugzilla.redhat.com/show_bug.cgi?id=1299615 https://github.com/ClusterLabs/pcs/commit/e9b28833d54a47ec441f6dbad0db96e1fc662a5b http://lists.fedoraproject.org/pipermail/package-announce/2016-March/178384.html http://www.securityfocus.com/bid/97977	Imported from gcve-enriched-dumps CVE data
`CVE:CVE-2016-0720`	vulnerable	2026-06-08 05:07:15.906168	Details available Cross-site request forgery (CSRF) vulnerability in pcsd web UI in pcs before 0.9.149. Published: 2017-04-21T15:00:00.000Z Updated: 2024-08-05T22:30:03.990Z Open on db.gcve.eu Reference links https://bugzilla.redhat.com/show_bug.cgi?id=1299614 https://github.com/ClusterLabs/pcs/commit/b9e7f061788c3b86a0c67d2d4158f067ec5eb625 http://lists.fedoraproject.org/pipermail/package-announce/2016-March/178384.html http://www.securityfocus.com/bid/97984 http://rhn.redhat.com/errata/RHSA-2016-2596.html	Imported from gcve-enriched-dumps CVE data

Contribute

You can submit an edit proposal for this CPE entry or suggest a related product/vendor addition using the action button above.