CVE-2018-1079
MEDIUM6.5EPSS 0.41%發布日:2018/4/12修改日:2026/4/28
也稱為:DEBIAN-CVE-2018-1079
描述
pcs before version 0.9.164 and 0.10 is vulnerable to a privilege escalation via authorized user malicious REST call. The REST interface of the pcsd service did not properly sanitize the file name from the /remote/put_file query. If the /etc/booth directory exists, an authenticated attacker with write permissions could create or overwrite arbitrary files with arbitrary data outside of the /etc/booth directory, in the context of the pcsd process.
受影響套件(1)
- Debian/pcsfrom 0, < 0.9.164-1
CVSS 分數
| 來源 | 版本 | 嚴重程度 | 向量 |
|---|---|---|---|
| osv | CVSS 3.1 | MEDIUM6.5 | CVSS:3.0/AV:N/AC:L/PR:L/UI:N/S:U/C:N/I:H/A:N |