Unknown · Corosync/Pacemaker Pcs · CVE-2022-2735
**Name of the Vulnerable Software and Affected Versions**
corosync/pacemaker PCS (affected versions not specified)
**Description**
The issue is related to insufficient authentication procedure in the corosync/pacemaker PCS utility, which can be exploited by a remote attacker to escalate privileges. This occurs due to incorrect permissions on a Unix socket used for internal communication between PCS daemons, allowing an attacker to obtain an authentication token for a hacluster user and gain complete control over the cluster managed by PCS.
**Recommendations**
At the moment, there is no information about a newer version that contains a fix for this vulnerability.