Vulnerability Information
Although we use advanced large model technology, its output may still contain inaccurate or outdated information.Shenlong tries to ensure data accuracy, but please verify and judge based on the actual situation.
Vulnerability Title
N/A
Vulnerability Description
pcs before versions 0.9.164 and 0.10 is vulnerable to a debug parameter removal bypass. REST interface of the pcsd service did not properly remove the pcs debug argument from the /run_pcs query, possibly disclosing sensitive information. A remote attacker with a valid token could use this flaw to elevate their privilege.
CVSS Information
N/A
Vulnerability Type
输入验证不恰当
Vulnerability Title
pcs 信息泄露漏洞
Vulnerability Description
pcs是一套利用命令行和Web UI来配置和管理Pacemaker和Corosync(集群软件)的工具。 pcs 0.9.164之前版本和0.10之前版本中存在信息泄露漏洞,该漏洞源于程序没有正确地从/run_pcs查询中移除‘--debug’参数。远程攻击者可利用该漏洞获取敏感信息,提升权限。
CVSS Information
N/A
Vulnerability Type
N/A