{"id":"CVE-2018-1086","details":"pcs before versions 0.9.164 and 0.10 is vulnerable to a debug parameter removal bypass. REST interface of the pcsd service did not properly remove the pcs debug argument from the /run_pcs query, possibly disclosing sensitive information. A remote attacker with a valid token could use this flaw to elevate their privilege.","modified":"2026-07-07T08:49:45.108349926Z","published":"2018-04-12T16:29:00.417Z","database_specific":{"unresolved_ranges":[{"extracted_events":[{"introduced":"0.10"},{"last_affected":"0.10"}],"source":"CPE_STRING","vendor_product":"clusterlabs:pacemaker_command_line_interface","cpes":["cpe:2.3:a:clusterlabs:pacemaker_command_line_interface:0.10:*:*:*:*:*:*:*"]},{"vendor_product":"debian:debian_linux","cpes":["cpe:2.3:o:debian:debian_linux:9.0:*:*:*:*:*:*:*"],"extracted_events":[{"introduced":"9.0"},{"last_affected":"9.0"}],"source":"CPE_STRING"},{"source":"CPE_STRING","vendor_product":"redhat:enterprise_linux_server_eus","cpes":["cpe:2.3:o:redhat:enterprise_linux_server_eus:7.5:*:*:*:*:*:*:*","cpe:2.3:o:redhat:enterprise_linux_server_eus:7.6:*:*:*:*:*:*:*"],"extracted_events":[{"introduced":"7.5"},{"last_affected":"7.5"},{"introduced":"7.6"},{"last_affected":"7.6"}]}]},"references":[{"type":"ADVISORY","url":"https://access.redhat.com/errata/RHSA-2018:1060"},{"type":"ADVISORY","url":"https://access.redhat.com/errata/RHSA-2018:1927"},{"type":"ADVISORY","url":"https://www.debian.org/security/2018/dsa-4169"},{"type":"REPORT","url":"https://bugzilla.redhat.com/show_bug.cgi?id=CVE-2018-1086"}],"affected":[{"ranges":[{"type":"GIT","repo":"https://github.com/clusterlabs/pcs","events":[{"introduced":"04d95885c291a15d84ffb6396cd335a259226746"},{"last_affected":"04d95885c291a15d84ffb6396cd335a259226746"}],"database_specific":{"source":"CPE_STRING","cpe":"cpe:2.3:a:clusterlabs:pacemaker_command_line_interface:0.9.164:*:*:*:*:*:*:*","extracted_events":[{"introduced":"0.9.164"},{"last_affected":"0.9.164"}]}}],"versions":["0.9.164"],"database_specific":{"source":"https://storage.googleapis.com/osv-test-cve-osv-conversion/osv-output/CVE-2018-1086.json"}}],"schema_version":"1.7.5","severity":[{"type":"CVSS_V3","score":"CVSS:3.0/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:N/A:N"}]}