Vulnerability Name:

CVE-2018-1086 (CCN-141372)

Assigned: 2017-12-04
Published: 2018-04-09
Updated: 2019-10-09
Summary: pcs before versions 0.9.164 and 0.10 is vulnerable to a debug parameter removal bypass. The REST interface of the pcsd service did not properly remove the pcs debug argument from the /run_pcs query, possibly disclosing sensitive information. A remote attacker with a valid token could use this flaw to elevate their privilege.
CVSS v3 Severity: 7.5 High (CVSS v3.1 Vector: CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:N/A:N)
6.9 Medium (Temporal CVSS v3.1 Vector: CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:N/A:N/E:U/RL:U/RC:C)
Exploitability Metrics: Attack Vector (AV): Network
Attack Complexity (AC): Low
Privileges Required (PR): None
User Interaction (UI): None
Scope: Scope (S): Unchanged
Impact Metrics: Confidentiality (C): High
Integrity (I): None
Availability (A): None
4.3 Medium (CCN CVSS v3.1 Vector: CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:L/I:N/A:N)
4.0 Medium (CCN Temporal CVSS v3.1 Vector: CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:L/I:N/A:N/E:U/RL:U/RC:C)
Exploitability Metrics: Attack Vector (AV): Network
Attack Complexity (AC): Low
Privileges Required (PR): Low
User Interaction (UI): None
Scope: Scope (S): Unchanged
Impact Metrics: Confidentiality (C): Low
Integrity (I): None
Availability (A): None
4.3 Medium (REDHAT CVSS v3.1 Vector: CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:L/I:N/A:N)
4.0 Medium (REDHAT Temporal CVSS v3.1 Vector: CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:L/I:N/A:N/E:U/RL:U/RC:C)
Exploitability Metrics: Attack Vector (AV): Network
Attack Complexity (AC): Low
Privileges Required (PR): Low
User Interaction (UI): None
Scope: Scope (S): Unchanged
Impact Metrics: Confidentiality (C): Low
Integrity (I): None
Availability (A): None
CVSS v2 Severity: 5.0 Medium (CVSS v2 Vector: AV:N/AC:L/Au:N/C:P/I:N/A:N)
Exploitability Metrics: Access Vector (AV): Network
Access Complexity (AC): Low
Authentication (Au): None
Impact Metrics: Confidentiality (C): Partial
Integrity (I): None
Availability (A): None
4.0 Medium (CCN CVSS v2 Vector: AV:N/AC:L/Au:S/C:P/I:N/A:N)
Exploitability Metrics: Access Vector (AV): Network
Access Complexity (AC): Low
Authentication (Au): Single_Instance
Impact Metrics: Confidentiality (C): Partial
Integrity (I): None
Availability (A): None
Vulnerability Type: CWE-200
Vulnerability Consequences: Obtain Information
References:
Source: MITRE
Type: CNA
CVE-2018-1086

Source: CCN
Type: oss-sec Mailing List, Mon, 9 Apr 2018 13:28:08 +0200
pcs: disclosure of CVE-2018-1079 and CVE-2018-1086

Source: REDHAT
Type: Third Party Advisory
RHSA-2018:1060

Source: REDHAT
Type: Third Party Advisory
RHSA-2018:1927

Source: MISC
Type: Issue Tracking, Third Party Advisory
https://bugzilla.redhat.com/show_bug.cgi?id=CVE-2018-1086

Source: XF
Type: UNKNOWN
clusterlabs-pcs-cve20181086-info-disc(141372)

Source: CCN
Type: pcs GIT Repository
pcs

Source: DEBIAN
Type: Third Party Advisory
DSA-4169

Vulnerable Configuration:
Configuration 1:
  • cpe:/a:clusterlabs:pacemaker_command_line_interface:0.9.164:*:*:*:*:*:*:*
  • OR cpe:/a:clusterlabs:pacemaker_command_line_interface:0.10:*:*:*:*:*:*:*

Configuration 2:
  • cpe:/o:debian:debian_linux:9.0:*:*:*:*:*:*:*
  • OR cpe:/o:redhat:enterprise_linux_server_eus:7.5:*:*:*:*:*:*:*
  • OR cpe:/o:redhat:enterprise_linux_server_eus:7.6:*:*:*:*:*:*:*

Configuration RedHat 1:
  • cpe:/o:redhat:enterprise_linux:7:*:*:*:*:*:*:*

Configuration RedHat 2:
  • cpe:/o:redhat:enterprise_linux:7::server:*:*:*:*:*

Configuration RedHat 3:
  • cpe:/o:redhat:enterprise_linux:6:*:*:*:*:*:*:*

Configuration RedHat 4:
  • cpe:/o:redhat:enterprise_linux:6::server:*:*:*:*:*

Configuration CCN 1:
  • cpe:/a:clusterlabs:pcs:0.9.157:*:*:*:*:*:*:*

* Denotes that component is vulnerable

Oval Definitions

| Definition ID | Class | Title | Last Modified |
|---|---|---|---|
| oval:com.redhat.rhsa:def:20181927 | P | RHSA-2018:1927: pcs security update (Moderate) | 2018-06-19 |
| oval:com.ubuntu.bionic:def:201810860000000 | V | CVE-2018-1086 on Ubuntu 18.04 LTS (bionic) - medium. | 2018-04-12 |
| oval:com.ubuntu.cosmic:def:20181086000 | V | CVE-2018-1086 on Ubuntu 18.10 (cosmic) - medium. | 2018-04-12 |
| oval:com.ubuntu.xenial:def:201810860000000 | V | CVE-2018-1086 on Ubuntu 16.04 LTS (xenial) - medium. | 2018-04-12 |
| oval:com.ubuntu.xenial:def:20181086000 | V | CVE-2018-1086 on Ubuntu 16.04 LTS (xenial) - medium. | 2018-04-12 |
| oval:com.ubuntu.disco:def:201810860000000 | V | CVE-2018-1086 on Ubuntu 19.04 (disco) - medium. | 2018-04-12 |
| oval:com.ubuntu.artful:def:20181086000 | V | CVE-2018-1086 on Ubuntu 17.10 (artful) - medium. | 2018-04-12 |
| oval:com.ubuntu.cosmic:def:201810860000000 | V | CVE-2018-1086 on Ubuntu 18.10 (cosmic) - medium. | 2018-04-12 |
| oval:com.ubuntu.bionic:def:20181086000 | V | CVE-2018-1086 on Ubuntu 18.04 LTS (bionic) - medium. | 2018-04-12 |
| oval:com.redhat.rhsa:def:20181060 | P | RHSA-2018:1060: pcs security update (Important) | 2018-04-10 |

clusterlabs pacemaker command line interface 0.9.164
clusterlabs pacemaker command line interface 0.10
debian debian linux 9.0
redhat enterprise linux server eus 7.5
redhat enterprise linux server eus 7.6
clusterlabs pcs 0.9.157