A vulnerability was found in the PCS project. This issue occurs due to incorrect permissions on a Unix socket used for internal communication between PCS daemons. A privilege escalation could happen by obtaining an authentication token for a hacluster user. With the "hacluster" token, this flaw allows an attacker to have complete control over the cluster managed by PCS.
History

No history.

cve-icon MITRE

Status: PUBLISHED

Assigner: redhat

Published: 2022-09-06T17:18:51

Updated: 2024-08-03T00:46:04.116Z

Reserved: 2022-08-09T00:00:00

Link: CVE-2022-2735

cve-icon Vulnrichment

No data.

cve-icon NVD

Status : Modified

Published: 2022-09-06T18:15:14.880

Modified: 2024-11-21T07:01:36.417

Link: CVE-2022-2735

cve-icon Redhat

Severity : Important

Publid Date: 2022-09-01T14:00:00Z

Links: CVE-2022-2735 - Bugzilla