pcs is vulnerable to arbitrary file write attacks. An authenticated attacker with write permissions could create or overwrite arbitrary files with arbitrary data outside of the /etc/booth directory, in the context of the pcsd process via malicious REST calls.
CPE | Name | Operator | Version |
---|---|---|---|
pcs | eq | 0.9.137__13.el7_1.2 | |
pcs | eq | 0.9.158__4.el7 |