Vulnerability Information
Although we use advanced large model technology, its output may still contain inaccurate or outdated information.Shenlong tries to ensure data accuracy, but please verify and judge based on the actual situation.
Vulnerability Title
N/A
Vulnerability Description
A vulnerability was found in the PCS project. This issue occurs due to incorrect permissions on a Unix socket used for internal communication between PCS daemons. A privilege escalation could happen by obtaining an authentication token for a hacluster user. With the "hacluster" token, this flaw allows an attacker to have complete control over the cluster managed by PCS.
CVSS Information
N/A
Vulnerability Type
缺省权限不正确
Vulnerability Title
PCS 安全漏洞
Vulnerability Description
PCS是ClusterLabs开源的一个 Corosync 和 Pacemaker 配置工具。 PCS存在安全漏洞,该漏洞源于用于在PCS守护进程之间进行内部通信的Unix套接字上未正确配置权限导致攻击者通过获取hacluster用户的身份验证令牌,可以实现权限升级,完全控制由PCS管理的集群。
CVSS Information
N/A
Vulnerability Type
N/A