Download
| Alert*
oval:org.secpod.oval:def:204823
The pcs packages provide a command-line configuration system for the Pacemaker and Corosync utilities. Security Fix: * pcs: Privilege escalation via authorized user malicious REST call * pcs: Debug parameter removal bypass, allowing information disclosure * rack-protection: Timing attack in authen ... oval:org.secpod.oval:def:1700028 Debug parameter removal bypass, allowing information disclosureIt was found that the REST interface of the pcsd service did not properly remove the pcs debug argument from the /run_pcs query, possibly disclosing sensitive information. A remote attacker with a valid token could use this flaw to eleva ... oval:org.secpod.oval:def:1502193 The advisory is missing the security advisory description. For more information please visit the reference link oval:org.secpod.oval:def:603454 A timing attack was discovered in the function for CSRF token validation of the "Ruby rack protection" framework. oval:org.secpod.oval:def:53371 A timing attack was discovered in the function for CSRF token validation of the "Ruby rack protection" framework. |