INFSA-2024:10987: pcs security update
Information about definition
Identificator: INFSA-2024:10987
Type: security
Release date: 2025-06-26 18:23:52 UTC
Information about package
The pcs packages provide a command-line configuration system for the Pacemaker and Corosync utilities.
Vulnerabilities description
- CVE-2024-21510
A flaw was found in Sinatra. This vulnerability allows an Open Redirect attack via the X-Forwarded-Host (XFH) header, potentially enabling Cache Poisoning or Server-Side Request Forgery (SSRF) when used in caching servers or reverse proxies.
Severity level
| CVE | Score CVSS 2.0 | Score CVSS 3.x | Score CVSS 4.0 |
|---|---|---|---|
|
NIST — CVE-2024-21510
|
no information | 5.4 | no information |
Updated packages