#VU75917 Improper access control in pcs (Red Hat package) - CVE-2023-2319

Cybersecurity Help s.r.o.

Published: 2023-05-09

Vulnerability identifier: #VU75917

Vulnerability risk: Medium

CVSSv4.0: 2.7 [CVSS:4.0/AV:N/AC:L/AT:N/PR:N/UI:N/VC:L/VI:L/VA:N/SC:N/SI:N/SA:N/E:U/U:Green]

CVE-ID: CVE-2023-2319

CWE-ID: CWE-284

Exploitation vector: Network

Exploit availability: No

Vulnerable software:
pcs (Red Hat package)
Operating systems & Components / Operating system package or component

Vendor: Red Hat Inc.

Description

The vulnerability allows a remote attacker to gain unauthorized access to otherwise restricted functionality.

The vulnerability exists due to a missing fix for #VU74478 (CVE-2023-28154). A remote attacker who controls a property of an untrusted object can obtain access to the real global object.

Mitigation
Install updates from vendor's website.

Vulnerable software versions

pcs (Red Hat package): before 0.11.4-7.el9_2

External links
https://bugzilla.redhat.com/show_bug.cgi?id=2190092

Q & A

Can this vulnerability be exploited remotely?

Yes. This vulnerability can be exploited by a remote non-authenticated attacker via the Internet.

Is there known malware, which exploits this vulnerability?

No. We are not aware of malware exploiting this vulnerability.

Latest bulletins with this vulnerability

Red Hat Enterprise Linux 9 update for pcs