CVE-2018-1079
- Source
- https://cve.org/CVERecord?id=CVE-2018-1079
- Import Source
- https://storage.googleapis.com/osv-test-cve-osv-conversion/osv-output/CVE-2018-1079.json
- JSON Data
- https://api.test.osv.dev/v1/vulns/CVE-2018-1079
- Downstream
- Published
- 2018-04-12T17:29:00.233Z
- Modified
- 2026-04-11T12:06:34.719562Z
- Severity
-
- 6.5 (Medium) CVSS_V3 - CVSS:3.0/AV:N/AC:L/PR:L/UI:N/S:U/C:N/I:H/A:N CVSS Calculator
- Summary
- [none]
- Details
-
pcs before version 0.9.164 and 0.10 is vulnerable to a privilege escalation via authorized user malicious REST call. The REST interface of the pcsd service did not properly sanitize the file name from the /remote/put_file query. If the /etc/booth directory exists, an authenticated attacker with write permissions could create or overwrite arbitrary files with arbitrary data outside of the /etc/booth directory, in the context of the pcsd process.
- Database specific
{ "unresolved_ranges": [ { "cpe": "cpe:2.3:a:clusterlabs:pacemaker_command_line_interface:0.10:*:*:*:*:*:*:*", "source": "CPE_FIELD", "extracted_events": [ { "last_affected": "0.10" } ] }, { "cpe": "cpe:2.3:o:redhat:enterprise_linux:7.0:*:*:*:*:*:*:*", "source": "CPE_FIELD", "extracted_events": [ { "last_affected": "7.0" } ] }, { "cpe": "cpe:2.3:o:redhat:enterprise_linux:7.5:*:*:*:*:*:*:*", "source": "CPE_FIELD", "extracted_events": [ { "last_affected": "7.5" } ] } ] }- References
Affected packages
Git / github.com/clusterlabs/pcs
Affected ranges
- Type
- GIT
- Repo
- https://github.com/clusterlabs/pcs
- Events
-
Introduced0 Unknown introduced commit / All previous commits are affectedLast affected
- Database specific
{ "cpe": "cpe:2.3:a:clusterlabs:pacemaker_command_line_interface:*:*:*:*:*:*:*:*", "source": "CPE_FIELD", "extracted_events": [ { "introduced": "0" }, { "last_affected": "0.9.164" } ] }
Affected versions
0.*
0.9.100
0.9.101
0.9.102
0.9.103
0.9.104
0.9.105
0.9.106
0.9.107
0.9.108
0.9.109
0.9.110
0.9.111
0.9.112
0.9.113
0.9.114
0.9.115
0.9.116
0.9.117
0.9.118
0.9.119
0.9.120
0.9.121
0.9.122
0.9.123
0.9.124
0.9.125
0.9.126
0.9.127
0.9.128
0.9.129
0.9.130
0.9.131
0.9.132
0.9.134
0.9.135
0.9.136
0.9.137
0.9.138
0.9.139
0.9.140
0.9.141
0.9.142
0.9.143
0.9.144
0.9.145
0.9.146
0.9.147
0.9.148
0.9.149
0.9.150
0.9.151
0.9.152
0.9.153
0.9.154
0.9.155
0.9.156
0.9.157
0.9.158
0.9.159
0.9.160
0.9.161
0.9.162
0.9.163
0.9.164
0.9.2
0.9.3
0.9.3.1
0.9.30
0.9.31
0.9.32
0.9.34
0.9.35
0.9.36
0.9.37
0.9.38
0.9.39
0.9.4
0.9.40
0.9.41
0.9.42
0.9.43
0.9.44
0.9.45
0.9.46
0.9.47
0.9.48
0.9.49
0.9.5
0.9.50
0.9.51
0.9.52
0.9.53
0.9.54
0.9.55
0.9.56
0.9.57
0.9.58
0.9.59
0.9.6
0.9.60
0.9.61
0.9.62
0.9.63
0.9.64
0.9.65
0.9.66
0.9.67
0.9.68
0.9.69
0.9.7
0.9.70
0.9.71
0.9.72
0.9.73
0.9.74
0.9.75
0.9.77
0.9.78
0.9.79
0.9.8
0.9.80
0.9.81
0.9.82
0.9.83
0.9.84
0.9.85
0.9.86
0.9.87
0.9.88
0.9.89
0.9.9
0.9.90
0.9.91
0.9.92
0.9.93
0.9.94
0.9.95
0.9.96
0.9.97
0.9.98
0.9.99