CVE-2018-1086

Priority
Description
pcs before versions 0.9.164 and 0.10 is vulnerable to a debug parameter
removal bypass. The REST interface of the pcsd service did not properly remove
the pcs debug argument from the /run_pcs query, possibly disclosing
sensitive information. A remote attacker with a valid token could use this
flaw to elevate their privilege.
Notes
Package
Source: pcs (LP Ubuntu Debian)
Upstream: released (0.9.164-1)
Ubuntu 12.04 ESM (Precise Pangolin): DNE
Ubuntu 14.04 ESM (Trusty Tahr): DNE
Ubuntu 16.04 LTS (Xenial Xerus): needed
Ubuntu 18.04 LTS (Bionic Beaver): not-affected (0.9.164-1)
Ubuntu 20.04 LTS (Focal Fossa): not-affected (0.10.1-2)
Ubuntu 20.10 (Groovy Gorilla): not-affected (0.10.1-2)
More Information

Updated: 2020-07-28 18:48:26 UTC (commit 7b6828437fde0509248708fcdb5b0f7587b85bd1)