Pcs
CVE-2023-2319
CRITICAL
Severity by source
AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H
Primary rating from NVD · only source for this CVE.
CVSS VectorNVD
CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H
Lifecycle Timeline
1DescriptionNVD
It was discovered that an update for PCS package in RHBA-2023:2151 erratum released as part of Red Hat Enterprise Linux 9.2 failed to include the fix for the Webpack issue CVE-2023-28154 (for PCS package), which was previously addressed in Red Hat Enterprise Linux 9.1 via erratum RHSA-2023:1591. The CVE-2023-2319 was assigned to that Red Hat specific security regression in Red Hat Enterprise Linux 9.2.
AnalysisAI
It was discovered that an update for PCS package in RHBA-2023:2151 erratum released as part of Red Hat Enterprise Linux 9.2 failed to include the fix for the Webpack issue CVE-2023-28154 (for PCS. Rated critical severity (CVSS 9.8), this vulnerability is remotely exploitable, no authentication required, low attack complexity. No vendor patch available.
Technical ContextAI
It was discovered that an update for PCS package in RHBA-2023:2151 erratum released as part of Red Hat Enterprise Linux 9.2 failed to include the fix for the Webpack issue CVE-2023-28154 (for PCS package), which was previously addressed in Red Hat Enterprise Linux 9.1 via erratum RHSA-2023:1591. The CVE-2023-2319 was assigned to that Red Hat specific security regression in Red Hat Enterprise Linux 9.2. Affected products include: Clusterlabs Pcs, Redhat Enterprise Linux High Availability, Redhat Enterprise Linux High Availability Eus.
RemediationAI
No vendor patch is available at time of analysis. Monitor vendor advisories for updates. Apply vendor patches when available. Implement network segmentation and monitoring as interim mitigations.
A flaw was found in the Pacemaker configuration tool (pcs). Rated high severity (CVSS 8.8), this vulnerability is remote
Cross-site request forgery (CSRF) vulnerability in pcsd web UI in pcs before 0.9.149. Rated high severity (CVSS 8.8), th
Session fixation vulnerability in pcsd in pcs before 0.9.157. Rated high severity (CVSS 8.1), this vulnerability is remo
A vulnerability was found in the PCS project. Rated high severity (CVSS 7.8), this vulnerability is low attack complexit
Same technique Information Disclosure
View allShare
External POC / Exploit Code
Leaving vuln.today