Pcs · Pcs · CVE-2018-1086
**Name of the Vulnerable Software and Affected Versions**
pcs versions prior to 0.9.164
pcs version 0.10 and earlier
**Description**
The issue concerns a debug parameter removal bypass in the pcsd service's REST interface. Specifically, the `/run_pcs` query did not properly remove the pcs debug argument, which could potentially disclose sensitive information. A remote attacker with a valid token could exploit this flaw to elevate their privileges.
**Recommendations**
For pcs versions prior to 0.9.164, update to version 0.9.164 or later to resolve the issue.
For pcs version 0.10 and earlier, update to a version later than 0.10 to resolve the issue.
As a temporary workaround, consider restricting access to the `/run_pcs` query to minimize the risk of exploitation.