cvedb.io
CVE-2022-2735
HIGH · CVSS 7.8
EPSS exploitation probability: 0%
Published 2022-09-06T18:15:14.880 · Last modified 2026-06-17T04:42:28.830

Summary

A vulnerability was found in the PCS project. This issue occurs due to incorrect permissions on a Unix socket used for internal communication between PCS daemons. A privilege escalation could happen by obtaining an authentication token for a hacluster user. With the "hacluster" token, this flaw allows an attacker to have complete control over the cluster managed by PCS.

Affected products

clusterlabs — pcs

Does this affect you?

Add your gear to cvedb and we'll alert you only when clusterlabs ships something exploited.

Check my exposure →

References

This product uses data from the NVD API but is not endorsed or certified by the NVD. Informational only; not professional security advice.