{"dataType": "CVE_RECORD", "dataVersion": "5.1", "cveMetadata": {"state": "PUBLISHED", "cveId": "CVE-2023-2319", "assignerOrgId": "53f830b8-0a3f-465b-8143-3b8a9948e749", "assignerShortName": "redhat", "dateUpdated": "2025-01-22T18:24:17.936Z", "dateReserved": "2023-04-27T00:00:00.000Z", "datePublished": "2023-05-17T00:00:00.000Z"}, "containers": {"cna": {"providerMetadata": {"orgId": "53f830b8-0a3f-465b-8143-3b8a9948e749", "shortName": "redhat", "dateUpdated": "2023-05-17T00:00:00.000Z"}, "descriptions": [{"lang": "en", "value": "It was discovered that an update for PCS package in RHBA-2023:2151 erratum released as part of Red Hat Enterprise Linux 9.2 failed to include the fix for the Webpack issue CVE-2023-28154 (for PCS package), which was previously addressed in Red Hat Enterprise Linux 9.1 via erratum RHSA-2023:1591. The CVE-2023-2319 was assigned to that Red Hat specific security regression in Red Hat Enterprise Linux 9.2."}], "affected": [{"vendor": "n/a", "product": "pcs", "versions": [{"version": "Affects pcs v0.11.4-6.el9, Fixed in pcs v0.11.4-7.el9_2", "status": "affected"}]}], "references": [{"url": "https://bugzilla.redhat.com/show_bug.cgi?id=2190092"}, {"url": "https://access.redhat.com/security/cve/CVE-2023-2319"}, {"url": "https://access.redhat.com/errata/RHSA-2023:2652"}], "problemTypes": [{"descriptions": [{"type": "text", "lang": "en", "description": "NA"}]}]}, "adp": [{"providerMetadata": {"orgId": "af854a3a-2127-422b-91ae-364da2661108", "shortName": "CVE", "dateUpdated": "2024-08-02T06:19:14.889Z"}, "title": "CVE Program Container", "references": [{"url": "https://bugzilla.redhat.com/show_bug.cgi?id=2190092", "tags": ["x_transferred"]}, {"url": "https://access.redhat.com/security/cve/CVE-2023-2319", "tags": ["x_transferred"]}, {"url": "https://access.redhat.com/errata/RHSA-2023:2652", "tags": ["x_transferred"]}]}, {"metrics": [{"cvssV3_1": {"scope": "UNCHANGED", "version": "3.1", "baseScore": 9.8, "attackVector": "NETWORK", "baseSeverity": "CRITICAL", "vectorString": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H", "integrityImpact": "HIGH", "userInteraction": "NONE", "attackComplexity": "LOW", "availabilityImpact": "HIGH", "privilegesRequired": "NONE", "confidentialityImpact": "HIGH"}}, {"other": {"type": "ssvc", "content": {"timestamp": "2025-01-22T18:24:13.790408Z", "id": "CVE-2023-2319", "options": [{"Exploitation": "none"}, {"Automatable": "yes"}, {"Technical Impact": "total"}], "role": "CISA Coordinator", "version": "2.0.3"}}}], "title": "CISA ADP Vulnrichment", "providerMetadata": {"orgId": "134c704f-9b21-4f2e-91b3-4a467353bcc0", "shortName": "CISA-ADP", "dateUpdated": "2025-01-22T18:24:17.936Z"}}]}}

{"dataType": "CVE_RECORD", "containers": {"adp": [{"title": "CVE Program Container", "references": [{"url": "https://bugzilla.redhat.com/show_bug.cgi?id=2190092", "tags": ["x_transferred"]}, {"url": "https://access.redhat.com/security/cve/CVE-2023-2319", "tags": ["x_transferred"]}, {"url": "https://access.redhat.com/errata/RHSA-2023:2652", "tags": ["x_transferred"]}], "providerMetadata": {"orgId": "af854a3a-2127-422b-91ae-364da2661108", "shortName": "CVE", "dateUpdated": "2024-08-02T06:19:14.889Z"}}, {"title": "CISA ADP Vulnrichment", "metrics": [{"cvssV3_1": {"scope": "UNCHANGED", "version": "3.1", "baseScore": 9.8, "attackVector": "NETWORK", "baseSeverity": "CRITICAL", "vectorString": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H", "integrityImpact": "HIGH", "userInteraction": "NONE", "attackComplexity": "LOW", "availabilityImpact": "HIGH", "privilegesRequired": "NONE", "confidentialityImpact": "HIGH"}}, {"other": {"type": "ssvc", "content": {"id": "CVE-2023-2319", "role": "CISA Coordinator", "options": [{"Exploitation": "none"}, {"Automatable": "yes"}, {"Technical Impact": "total"}], "version": "2.0.3", "timestamp": "2025-01-22T18:24:13.790408Z"}}}], "providerMetadata": {"orgId": "134c704f-9b21-4f2e-91b3-4a467353bcc0", "shortName": "CISA-ADP", "dateUpdated": "2025-01-22T18:24:07.565Z"}}], "cna": {"affected": [{"vendor": "n/a", "product": "pcs", "versions": [{"status": "affected", "version": "Affects pcs v0.11.4-6.el9, Fixed in pcs v0.11.4-7.el9_2"}]}], "references": [{"url": "https://bugzilla.redhat.com/show_bug.cgi?id=2190092"}, {"url": "https://access.redhat.com/security/cve/CVE-2023-2319"}, {"url": "https://access.redhat.com/errata/RHSA-2023:2652"}], "descriptions": [{"lang": "en", "value": "It was discovered that an update for PCS package in RHBA-2023:2151 erratum released as part of Red Hat Enterprise Linux 9.2 failed to include the fix for the Webpack issue CVE-2023-28154 (for PCS package), which was previously addressed in Red Hat Enterprise Linux 9.1 via erratum RHSA-2023:1591. The CVE-2023-2319 was assigned to that Red Hat specific security regression in Red Hat Enterprise Linux 9.2."}], "problemTypes": [{"descriptions": [{"lang": "en", "type": "text", "description": "NA"}]}], "providerMetadata": {"orgId": "53f830b8-0a3f-465b-8143-3b8a9948e749", "shortName": "redhat", "dateUpdated": "2023-05-17T00:00:00.000Z"}}}, "cveMetadata": {"cveId": "CVE-2023-2319", "state": "PUBLISHED", "dateUpdated": "2025-01-22T18:24:17.936Z", "dateReserved": "2023-04-27T00:00:00.000Z", "assignerOrgId": "53f830b8-0a3f-465b-8143-3b8a9948e749", "datePublished": "2023-05-17T00:00:00.000Z", "assignerShortName": "redhat"}, "dataVersion": "5.1"}

{"configurations": [{"nodes": [{"cpeMatch": [{"criteria": "cpe:2.3:a:clusterlabs:pcs:0.11.4-6.el9:*:*:*:*:*:*:*", "matchCriteriaId": "0ABBFA45-72D7-461C-8DC7-CD36335472C0", "vulnerable": true}], "negate": false, "operator": "OR"}]}, {"nodes": [{"cpeMatch": [{"criteria": "cpe:2.3:o:redhat:enterprise_linux_high_availability:9.0:*:*:*:*:*:*:*", "matchCriteriaId": "A1932BB0-54B5-4024-9856-3254B2B89DCA", "vulnerable": true}, {"criteria": "cpe:2.3:o:redhat:enterprise_linux_high_availability_eus:9.2:*:*:*:*:*:*:*", "matchCriteriaId": "7942663B-AF75-4B5A-9BFA-5C81D703FCCB", "vulnerable": true}], "negate": false, "operator": "OR"}]}], "cveTags": [], "descriptions": [{"lang": "en", "value": "It was discovered that an update for PCS package in RHBA-2023:2151 erratum released as part of Red Hat Enterprise Linux 9.2 failed to include the fix for the Webpack issue CVE-2023-28154 (for PCS package), which was previously addressed in Red Hat Enterprise Linux 9.1 via erratum RHSA-2023:1591. The CVE-2023-2319 was assigned to that Red Hat specific security regression in Red Hat Enterprise Linux 9.2."}], "id": "CVE-2023-2319", "lastModified": "2025-01-22T19:15:09.283", "metrics": {"cvssMetricV31": [{"cvssData": {"attackComplexity": "LOW", "attackVector": "NETWORK", "availabilityImpact": "HIGH", "baseScore": 9.8, "baseSeverity": "CRITICAL", "confidentialityImpact": "HIGH", "integrityImpact": "HIGH", "privilegesRequired": "NONE", "scope": "UNCHANGED", "userInteraction": "NONE", "vectorString": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H", "version": "3.1"}, "exploitabilityScore": 3.9, "impactScore": 5.9, "source": "nvd@nist.gov", "type": "Primary"}, {"cvssData": {"attackComplexity": "LOW", "attackVector": "NETWORK", "availabilityImpact": "HIGH", "baseScore": 9.8, "baseSeverity": "CRITICAL", "confidentialityImpact": "HIGH", "integrityImpact": "HIGH", "privilegesRequired": "NONE", "scope": "UNCHANGED", "userInteraction": "NONE", "vectorString": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H", "version": "3.1"}, "exploitabilityScore": 3.9, "impactScore": 5.9, "source": "134c704f-9b21-4f2e-91b3-4a467353bcc0", "type": "Secondary"}]}, "published": "2023-05-17T23:15:09.313", "references": [{"source": "secalert@redhat.com", "tags": ["Third Party Advisory"], "url": "https://access.redhat.com/errata/RHSA-2023:2652"}, {"source": "secalert@redhat.com", "tags": ["Third Party Advisory"], "url": "https://access.redhat.com/security/cve/CVE-2023-2319"}, {"source": "secalert@redhat.com", "tags": ["Issue Tracking"], "url": "https://bugzilla.redhat.com/show_bug.cgi?id=2190092"}, {"source": "af854a3a-2127-422b-91ae-364da2661108", "tags": ["Third Party Advisory"], "url": "https://access.redhat.com/errata/RHSA-2023:2652"}, {"source": "af854a3a-2127-422b-91ae-364da2661108", "tags": ["Third Party Advisory"], "url": "https://access.redhat.com/security/cve/CVE-2023-2319"}, {"source": "af854a3a-2127-422b-91ae-364da2661108", "tags": ["Issue Tracking"], "url": "https://bugzilla.redhat.com/show_bug.cgi?id=2190092"}], "sourceIdentifier": "secalert@redhat.com", "vulnStatus": "Modified", "weaknesses": [{"description": [{"lang": "en", "value": "NVD-CWE-noinfo"}], "source": "nvd@nist.gov", "type": "Primary"}]}

{"affected_release": [{"advisory": "RHSA-2023:2652", "cpe": "cpe:/a:redhat:enterprise_linux:9::highavailability", "package": "pcs-0:0.11.4-7.el9_2", "product_name": "Red Hat Enterprise Linux 9", "release_date": "2023-05-09T00:00:00Z"}], "bugzilla": {"description": "pcs: webpack: Regression of CVE-2023-28154 fixes in the Red Hat Enterprise Linux", "id": "2190092", "url": "https://bugzilla.redhat.com/show_bug.cgi?id=2190092"}, "csaw": false, "cvss3": {"cvss3_base_score": "9.1", "cvss3_scoring_vector": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:N", "status": "verified"}, "details": ["It was discovered that an update for PCS package in RHBA-2023:2151 erratum released as part of Red Hat Enterprise Linux 9.2 failed to include the fix for the Webpack issue CVE-2023-28154 (for PCS package), which was previously addressed in Red Hat Enterprise Linux 9.1 via erratum RHSA-2023:1591. The CVE-2023-2319 was assigned to that Red Hat specific security regression in Red Hat Enterprise Linux 9.2.", "It was discovered that an update for PCS package in RHBA-2023:2151 erratum released as part of Red Hat Enterprise Linux 9.2 failed to include the fix for the Webpack issue CVE-2023-28154 (for PCS package), which was previously addressed in Red Hat Enterprise Linux 9.1 via erratum RHSA-2023:1591. The CVE-2023-2319 was assigned to that Red Hat specific security regression in Red Hat Enterprise Linux 9.2."], "name": "CVE-2023-2319", "public_date": "2023-05-09T00:00:00Z", "references": ["https://www.cve.org/CVERecord?id=CVE-2023-2319\nhttps://nvd.nist.gov/vuln/detail/CVE-2023-2319"], "statement": "A user who installs or updates to Red Hat Enterprise Linux 9.2 would be vulnerable to the CVE-2023-28154, even if it is properly fixed in Red Hat Enterprise Linux 9.1. The CVE-2023-2319 was assigned to that Red Hat specific security regression and it is not applicable to any upstream PCS version or PCS packages of any other vendor that are not directly based on Red Hat Enterprise Linux packages.\nFor more details about the original security issue CVE-2023-28154, refer to the CVE page: https://access.redhat.com/security/cve/CVE-2023-28154.", "threat_severity": "Important"}