CVE-2018-1079
HIGHpacemaker_command_line_interface < 0.9.164 - Authenticated Arbitrary File Write via REST /remote/put_file
Title source: llmDescription
pcs before version 0.9.164 and 0.10 is vulnerable to a privilege escalation via authorized user malicious REST call. The REST interface of the pcsd service did not properly sanitize the file name from the /remote/put_file query. If the /etc/booth directory exists, an authenticated attacker with write permissions could create or overwrite arbitrary files with arbitrary data outside of the /etc/booth directory, in the context of the pcsd process.
References (2)
Core 2
Core References
Third Party Advisory x_refsource_misc
https://access.redhat.com/errata/RHSA-2018:1060
Issue Tracking, Third Party Advisory x_refsource_misc
https://bugzilla.redhat.com/show_bug.cgi?id=CVE-2018-1079
Scores
CVSS v3
8.7
EPSS
0.0110
EPSS Percentile
61.3%
Attack Vector
NETWORK
CVSS:3.0/AV:N/AC:L/PR:H/UI:N/S:C/C:N/I:H/A:H
Details
CWE
CWE-552
CWE-22
Status
published
Products (4)
clusterlabs/pacemaker_command_line_interface
0.10
clusterlabs/pacemaker_command_line_interface
< 0.9.164
redhat/enterprise_linux
7.0
redhat/enterprise_linux
7.5
Published
Apr 12, 2018
Tracked Since
Feb 18, 2026