pcs before version 0.9.164 and 0.10 is vulnerable to a privilege escalation via authorized user malicious REST call. The REST interface of the pcsd service did not properly sanitize the file name from the /remote/put_file query. If the /etc/booth directory exists, an authenticated attacker with write permissions could create or overwrite arbitrary files with arbitrary data outside of the /etc/booth directory, in the context of the pcsd process.
CPE | Name | Operator | Version |
---|---|---|---|
pacemaker_command_line_interface | eq | 0.10 | |
pacemaker_command_line_interface | le | 0.9.164 | |
enterprise_linux | eq | 7.0 | |
enterprise_linux | eq | 7.5 |