CVE-2023-2319 Affecting pcs-snmp package, versions <0:0.11.4-7.el9_2


Severity

Recommended
high

Based on CentOS security rating.

Threat Intelligence

EPSS
0.17% (56th percentile)

Do your applications use this vulnerable package?

In a few clicks we can analyze your entire application and see what components are vulnerable in your application, and suggest you quick fixes.

Test your applications
  • Snyk IDSNYK-CENTOS9-PCSSNMP-5497669
  • published5 May 2023
  • disclosed9 May 2023

Introduced: 5 May 2023

CVE-2023-2319  (opens in a new tab)

How to fix?

Upgrade Centos:9 pcs-snmp to version 0:0.11.4-7.el9_2 or higher.

NVD Description

Note: Versions mentioned in the description apply only to the upstream pcs-snmp package and not the pcs-snmp package as distributed by Centos. See How to fix? for Centos:9 relevant fixed versions and status.

It was discovered that an update for PCS package in RHBA-2023:2151 erratum released as part of Red Hat Enterprise Linux 9.2 failed to include the fix for the Webpack issue CVE-2023-28154 (for PCS package), which was previously addressed in Red Hat Enterprise Linux 9.1 via erratum RHSA-2023:1591. The CVE-2023-2319 was assigned to that Red Hat specific security regression in Red Hat Enterprise Linux 9.2.

CVSS Scores

version 3.1