{"id":"CVE-2018-1086","details":"pcs before versions 0.9.164 and 0.10 is vulnerable to a debug parameter removal bypass. REST interface of the pcsd service did not properly remove the pcs debug argument from the /run_pcs query, possibly disclosing sensitive information. A remote attacker with a valid token could use this flaw to elevate their privilege.","modified":"2026-05-15T12:03:09.655215495Z","published":"2018-04-12T16:29:00.417Z","database_specific":{"unresolved_ranges":[{"cpes":["cpe:2.3:a:clusterlabs:pacemaker_command_line_interface:0.10:*:*:*:*:*:*:*"],"extracted_events":[{"last_affected":"0.10"}],"source":"CPE_FIELD","vendor_product":"clusterlabs:pacemaker_command_line_interface"},{"cpes":["cpe:2.3:o:debian:debian_linux:9.0:*:*:*:*:*:*:*"],"extracted_events":[{"last_affected":"9.0"}],"source":"CPE_FIELD","vendor_product":"debian:debian_linux"},{"cpes":["cpe:2.3:o:redhat:enterprise_linux_server_eus:7.5:*:*:*:*:*:*:*","cpe:2.3:o:redhat:enterprise_linux_server_eus:7.6:*:*:*:*:*:*:*"],"extracted_events":[{"last_affected":"7.5"},{"last_affected":"7.6"}],"source":"CPE_FIELD","vendor_product":"redhat:enterprise_linux_server_eus"}]},"references":[{"type":"ADVISORY","url":"https://access.redhat.com/errata/RHSA-2018:1060"},{"type":"ADVISORY","url":"https://access.redhat.com/errata/RHSA-2018:1927"},{"type":"ADVISORY","url":"https://www.debian.org/security/2018/dsa-4169"},{"type":"REPORT","url":"https://bugzilla.redhat.com/show_bug.cgi?id=CVE-2018-1086"}],"schema_version":"1.7.5","severity":[{"type":"CVSS_V3","score":"CVSS:3.0/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:N/A:N"}]}