Bug 2116815 (CVE-2022-2735) - CVE-2022-2735 pcs: obtaining an authentication token for hacluster user could lead to privilege escalation
Summary: CVE-2022-2735 pcs: obtaining an authentication token for hacluster user could...
Keywords:
Status: CLOSED ERRATA
Alias: CVE-2022-2735
Product: Security Response
Classification: Other
Component: vulnerability
Version: unspecified
Hardware: All
OS: Linux
high
high
Target Milestone: ---
Assignee: Red Hat Product Security
QA Contact:
URL:
Whiteboard:
Depends On: 2116835 2116836 2116837 2116838 2116839 2116841 2123389
Blocks: 2115681 2123601
TreeView+ depends on / blocked
 
Reported: 2022-08-09 11:25 UTC by TEJ RATHI
Modified: 2022-09-07 04:36 UTC (History)
10 users (show)

Fixed In Version:
Doc Type: If docs needed, set a value
Doc Text:
A vulnerability was found in the PCS project. This issue occurs due to incorrect permissions on a Unix socket used for internal communication between PCS daemons. A privilege escalation could happen by obtaining an authentication token for a hacluster user. With the "hacluster" token, this flaw allows an attacker to have complete control over the cluster managed by PCS.
Clone Of:
Environment:
Last Closed: 2022-09-06 08:45:13 UTC


Attachments (Terms of Use)


Links
System ID Private Priority Status Summary Last Updated
Red Hat Product Errata RHSA-2022:6312 0 None None None 2022-09-01 15:10:29 UTC
Red Hat Product Errata RHSA-2022:6313 0 None None None 2022-09-01 15:14:55 UTC
Red Hat Product Errata RHSA-2022:6314 0 None None None 2022-09-01 15:15:43 UTC
Red Hat Product Errata RHSA-2022:6341 0 None None None 2022-09-05 15:29:38 UTC

Description TEJ RATHI 2022-08-09 11:25:17 UTC
A security issue was discovered in pcs project. It is caused by incorrect permissions on a unix socket used for internal communication between pcs daemons. A privilege escalation could happen by obtaining authentication token for hacluster user. With the hacluster token, an attacker has complete control over the cluster managed by pcs. The bug was introduced in pcs version 0.10.5 by this bz [1]

[1] https://bugzilla.redhat.com/show_bug.cgi?id=1783106

Comment 4 TEJ RATHI 2022-09-01 14:11:41 UTC
Created pcs tracking bugs for this issue:

Affects: fedora-all [bug 2123389]

Comment 5 TEJ RATHI 2022-09-01 14:13:30 UTC
The issue is public now : https://www.openwall.com/lists/oss-security/2022/09/01/4

Comment 6 errata-xmlrpc 2022-09-01 15:10:26 UTC
This issue has been addressed in the following products:

  Red Hat Enterprise Linux 8.4 Extended Update Support

Via RHSA-2022:6312 https://access.redhat.com/errata/RHSA-2022:6312

Comment 7 errata-xmlrpc 2022-09-01 15:14:52 UTC
This issue has been addressed in the following products:

  Red Hat Enterprise Linux 9

Via RHSA-2022:6313 https://access.redhat.com/errata/RHSA-2022:6313

Comment 8 errata-xmlrpc 2022-09-01 15:15:40 UTC
This issue has been addressed in the following products:

  Red Hat Enterprise Linux 8

Via RHSA-2022:6314 https://access.redhat.com/errata/RHSA-2022:6314

Comment 9 errata-xmlrpc 2022-09-05 15:29:36 UTC
This issue has been addressed in the following products:

  Red Hat Enterprise Linux 8.2 Extended Update Support

Via RHSA-2022:6341 https://access.redhat.com/errata/RHSA-2022:6341

Comment 10 Product Security DevOps Team 2022-09-06 08:45:11 UTC
This bug is now closed. Further updates for individual products will be reflected on the CVE page(s):

https://access.redhat.com/security/cve/cve-2022-2735


Note You need to log in before you can comment on or make changes to this bug.