CVE-2022-2735

Summary

A vulnerability was found in the PCS project. This issue occurs due to incorrect permissions on a Unix socket used for internal communication between PCS daemons. A privilege escalation could happen by obtaining an authentication token for a hacluster user. With the "hacluster" token, this flaw allows an attacker to have complete control over the cluster managed by PCS.

Affected Software

VendorProductVersion RangeStatus
n/aClusterLabs/pcsAffects v0.10.5 and later including all 0.11.x.affected

Weaknesses

  • CWE-276: CWE-276 - Incorrect Default Permissions.

ADP Enrichment

CVE Program Container

Additional References

References