[ClusterLabs] Fix for CVE-2022-2735 in pcs 0.9 version

A Gunasekar a.gunasekar at ericsson.com
Mon Sep 12 02:19:29 EDT 2022


Hi Team,

Please be informed that we have been notified by our security tool that our pcs version 0.9 is affected by CVE-2022-2735.
It would be great if you could help us get answers to the queries below.


  *   We are currently on RHEL 7.9 and using pcs version 0.9. Is there any fix planned/available for this affected version (0.9.x) of pcs?
  *   From the Cluster Lab portal, we can see that even the pcs 0.10.x or the main branch 0.11.x released versions don't have a fix for this CVE. So kindly let us know in which release this CVE fix is planned.

https://github.com/ClusterLabs/pcs/blob/main/CHANGELOG.md
Change Log
[Unreleased]
Security
CVE-2022-2735 pcs: obtaining an authentication token for hacluster user could lead to privilege escalation (rhbz#2116841)



Our system details:
OS version: RHEL 7.9
Cluster lab PCS version: 0.9




Gunasekar A
Senior Software Engineer
BDGS SA BSS PDU BSS PDG EC CH NGCRS
Mobile: +919894561292
Email ID: a.gunasekar at ericsson.com

