Hi Team,

Please be informed that we have been notified by our security tool that our pcs version 0.9 is affected by CVE-2022-2735. It would be great if you could help us get answers to the queries below.

* We are currently on RHEL 7.9 and using pcs version 0.9. Is there any fix planned/available for this affected version (0.9.x) of pcs?
* From the ClusterLabs portal, we can see that even the pcs 0.10.x (or) the main branch 0.11.x released versions don't have a fix for this CVE. So kindly let us know in which release this CVE fix is planned.

https://github.com/ClusterLabs/pcs/blob/main/CHANGELOG.md

    Change Log
    [Unreleased]
    Security
    CVE-2022-2735 pcs: obtaining an authentication token for hacluster user could lead to privilege escalation (rhbz#2116841)

Our system details:
OS Version: RHEL 7.9
ClusterLabs PCS version: 0.9

Gunasekar A
Senior Software Engineer
BDGS SA BSS PDU BSS PDG EC CH NGCRS
Ericsson
