Vulnerability Details CVE-2023-2319
It was discovered that an update for PCS package in RHBA-2023:2151 erratum released as part of Red Hat Enterprise Linux 9.2 failed to include the fix for the Webpack issue CVE-2023-28154 (for PCS package), which was previously addressed in Red Hat Enterprise Linux 9.1 via erratum RHSA-2023:1591. The CVE-2023-2319 was assigned to that Red Hat specific security regression in Red Hat Enterprise Linux 9.2.
Exploit prediction scoring system (EPSS) score
EPSS Score 0.001
EPSS Ranking 25.8%
CVSS Severity
CVSS v3 Score 9.8
References
- https://access.redhat.com/errata/RHSA-2023:2652
- https://access.redhat.com/security/cve/CVE-2023-2319
- https://bugzilla.redhat.com/show_bug.cgi?id=2190092
- https://access.redhat.com/errata/RHSA-2023:2652
- https://access.redhat.com/security/cve/CVE-2023-2319
- https://bugzilla.redhat.com/show_bug.cgi?id=2190092
Products affected by CVE-2023-2319
-
cpe:2.3:a:clusterlabs:pcs:0.11.4-6.el9
-
cpe:2.3:o:redhat:enterprise_linux_high_availability:9.0
-
cpe:2.3:o:redhat:enterprise_linux_high_availability_eus:9.2