Fluid Attacks Database

Description

ClusterLabs pcs before version 0.9.157 is vulnerable to a cross-site scripting vulnerability due to improper validation of Node name field when creating new cluster or adding existing cluster.

Mitigation

Update Impact

Minimal update. May introduce new vulnerabilities or breaking changes.

Ecosystem	Package	Affected version	Patched versions
debian 11	pcs	>=0 <0.9.155+dfsg-2	0.9.155+dfsg-2
debian 14	pcs	>=0 <0.9.155+dfsg-2	0.9.155+dfsg-2
debian 12	pcs	>=0 <0.9.155+dfsg-2	0.9.155+dfsg-2
debian 13	pcs	>=0 <0.9.155+dfsg-2	0.9.155+dfsg-2
rpm rhel7	pcs	-	-
rpm rhel6	pcs	-	-

Aliases

1. CVE-2017-26612. NVD-2017-26613. OSV-DEBIAN-2017-26614. OSV-2017-26615. SECURITY-TRACKER-CVE-2017-2661