CVE-2018-1086

Priority
Description
pcs versions before 0.9.164 and 0.10 are vulnerable to a debug parameter
removal bypass. The REST interface of the pcsd service did not properly remove
the pcs debug argument from the /run_pcs query, possibly disclosing
sensitive information. A remote attacker with a valid token could use this
flaw to elevate their privilege.
Notes
Package
Source: pcs (LP Ubuntu Debian)
Upstream: released (0.9.164-1)
Ubuntu 12.04 ESM (Precise Pangolin): DNE
Ubuntu 14.04 ESM (Trusty Tahr): DNE
Ubuntu 16.04 LTS (Xenial Xerus): needed
Ubuntu 18.04 LTS (Bionic Beaver): not-affected (0.9.164-1)
Ubuntu 19.04 (Disco Dingo): not-affected (0.10.1-2)
Ubuntu 19.10 (Eoan Ermine): not-affected (0.10.1-2)
Ubuntu 20.04 (Focal Fossa): not-affected (0.10.1-2)
More Information

Updated: 2019-12-05 19:52:13 UTC (commit 0aa5e7c87c8b55d2ec5c7f4ca1179cf75de91961)