CVE-2022-2735

Published: 06/09/2022 Updated: 25/01/2024
CVSS v3 Base Score: 7.8 | Impact Score: 5.9 | Exploitability Score: 1.8
VMScore: 0

Vulnerability Summary

A vulnerability was found in the PCS project. This issue occurs due to incorrect permissions on a Unix socket used for internal communication between PCS daemons. A privilege escalation could happen by obtaining an authentication token for a hacluster user. With the "hacluster" token, this flaw allows a malicious user to have complete control over the cluster managed by PCS.

Vulnerable Product

clusterlabs pcs

debian debian linux 11.0

Vendor Advisories

Debian Bug report logs - #1018930: pcs: CVE-2022-2735: Obtaining an authentication token for hacluster user leads to privilege escalation. Package: src:pcs; Maintainer for src:pcs is Debian HA Maintainers <debian-ha-maintainers@lists.alioth.debian.org>; Reported by: Salvatore Bonaccorso <carnil@debian.org>; Date: Fri, 2 ...
Two security issues were discovered in pcs, a corosync and pacemaker configuration tool. CVE-2022-1049: It was discovered that expired accounts were still able to login via PAM. CVE-2022-2735: Ondrej Mular discovered that incorrect permissions on a Unix socket setup for internal communication could result in privilege escalation. Fo ...
Synopsis: Important: pcs security update. Type/Severity: Security Advisory: Important. Topic: An update for pcs is now available for Red Hat Enterprise Linux 9. Red Hat Product Security has rated this update as having a security ...
Synopsis: Important: pcs security update. Type/Severity: Security Advisory: Important. Topic: An update for pcs is now available for Red Hat Enterprise Linux 8.2 Extended Update Support. Red Hat Product Security has rated this u ...
Synopsis: Important: pcs security update. Type/Severity: Security Advisory: Important. Topic: An update for pcs is now available for Red Hat Enterprise Linux 8.4 Extended Update Support. Red Hat Product Security has rated this u ...
Synopsis: Important: pcs security update. Type/Severity: Security Advisory: Important. Topic: An update for pcs is now available for Red Hat Enterprise Linux 8. Red Hat Product Security has rated this update as having a security ...
A vulnerability was found in the PCS project. This issue occurs due to incorrect permissions on a Unix socket used for internal communication between PCS daemons. A privilege escalation could happen by obtaining an authentication token for a hacluster user. With the "hacluster" token, this flaw allows an attacker to have complete control over the c ...