Description
A vulnerability was found in Performance Co-Pilot (PCP). This flaw can only be exploited if an attacker has access to a compromised PCP system account. The issue is related to the pmpost tool, which is used to log messages in the system. Under certain conditions, pmpost runs with high-level privileges.
Problem types
Improper Link Resolution Before File Access ('Link Following')
Product status
0:5.3.7-22.el8_10 (rpm) before *
0:5.0.2-9.el8_2 (rpm) before *
0:5.2.5-8.el8_4 (rpm) before *
0:5.2.5-8.el8_4 (rpm) before *
0:5.2.5-8.el8_4 (rpm) before *
0:5.3.5-10.el8_6 (rpm) before *
0:5.3.5-10.el8_6 (rpm) before *
0:5.3.5-10.el8_6 (rpm) before *
0:5.3.7-19.el8_8 (rpm) before *
0:6.2.0-5.el9_4 (rpm) before *
0:6.2.2-7.el9_5 (rpm) before *
0:5.3.5-10.el9_0 (rpm) before *
0:6.0.1-8.el9_2 (rpm) before *
Timeline
2024-09-06: Reported to Red Hat.
2024-09-17: Made public.
References
access.redhat.com/errata/RHSA-2024:6837 (RHSA-2024:6837)
access.redhat.com/errata/RHSA-2024:6840 (RHSA-2024:6840)
access.redhat.com/errata/RHSA-2024:6842 (RHSA-2024:6842)
access.redhat.com/errata/RHSA-2024:6843 (RHSA-2024:6843)
access.redhat.com/errata/RHSA-2024:6844 (RHSA-2024:6844)
access.redhat.com/errata/RHSA-2024:6846 (RHSA-2024:6846)
access.redhat.com/errata/RHSA-2024:6847 (RHSA-2024:6847)
access.redhat.com/errata/RHSA-2024:6848 (RHSA-2024:6848)
access.redhat.com/errata/RHSA-2024:9452 (RHSA-2024:9452)
access.redhat.com/security/cve/CVE-2024-45770
bugzilla.redhat.com/show_bug.cgi?id=2310451 (RHBZ#2310451)