CVE-2017-2661

ClusterLabs pcs before version 0.9.157 is vulnerable to a cross-site scripting vulnerability due to improper validation of Node name field when creating new cluster or adding existing cluster.

References

Affected packages

Git / github.com/clusterlabs/pcs

Affected ranges

Type

GIT

Repo

https://github.com/clusterlabs/pcs

Events

Introduced

Fixed

58ed3160af65ef8497cb6ea62532d29f28479973

Fixed

1874a769b5720ae5430f10c6cedd234430bc703f

Database specific

{
    "source": [
        "CPE_FIELD",
        "REFERENCES"
    ],
    "extracted_events": [
        {
            "introduced": "0"
        },
        {
            "fixed": "0.9.157"
        }
    ],
    "cpe": "cpe:2.3:a:clusterlabs:pcs:*:*:*:*:*:*:*:*"
}

Affected versions

0.*

0.9.100

0.9.101

0.9.102

0.9.103

0.9.104

0.9.105

0.9.106

0.9.107

0.9.108

0.9.109

0.9.110

0.9.111

0.9.112

0.9.113

0.9.114

0.9.115

0.9.116

0.9.117

0.9.118

0.9.119

0.9.120

0.9.121

0.9.122

0.9.123

0.9.124

0.9.125

0.9.126

0.9.127

0.9.128

0.9.129

0.9.130

0.9.131

0.9.132

0.9.134

0.9.135

0.9.136

0.9.137

0.9.138

0.9.139

0.9.140

0.9.141

0.9.142

0.9.143

0.9.144

0.9.145

0.9.146

0.9.147

0.9.148

0.9.149

0.9.150

0.9.151

0.9.152

0.9.153

0.9.154

0.9.155

0.9.156

0.9.2

0.9.3

0.9.3.1

0.9.30

0.9.31

0.9.32

0.9.34

0.9.35

0.9.36

0.9.37

0.9.38

0.9.39

0.9.4

0.9.40

0.9.41

0.9.42

0.9.43

0.9.44

0.9.45

0.9.46

0.9.47

0.9.48

0.9.49

0.9.5

0.9.50

0.9.51

0.9.52

0.9.53

0.9.54

0.9.55

0.9.56

0.9.57

0.9.58

0.9.59

0.9.6

0.9.60

0.9.61

0.9.62

0.9.63

0.9.64

0.9.65

0.9.66

0.9.67

0.9.68

0.9.69

0.9.7

0.9.70

0.9.71

0.9.72

0.9.73

0.9.74

0.9.75

0.9.77

0.9.78

0.9.79

0.9.8

0.9.80

0.9.81

0.9.82

0.9.83

0.9.84

0.9.85

0.9.86

0.9.87

0.9.88

0.9.89

0.9.9

0.9.90

0.9.91

0.9.92

0.9.93

0.9.94

0.9.95

0.9.96

0.9.97

0.9.98

0.9.99

Database specific

source

"https://storage.googleapis.com/osv-test-cve-osv-conversion/osv-output/CVE-2017-2661.json"