CVE-2015-1867
Red Hat Enterprise Linux High Availability < 1.1.12 - Access Control
Pacemaker before 1.1.13 does not properly evaluate added nodes, which allows remote read-only users to gain privileges via an acl command.
References (9)
Core References
Mailing List, Third Party Advisory (vendor-advisory, x_refsource_fedora): http://lists.fedoraproject.org/pipermail/package-announce/2015-October/169995.html
Third Party Advisory (vendor-advisory, x_refsource_redhat): http://rhn.redhat.com/errata/RHSA-2015-1424.html
Patch (x_refsource_confirm): https://github.com/ClusterLabs/pacemaker/commit/84ac07c
Mailing List, Third Party Advisory (vendor-advisory, x_refsource_fedora): http://lists.fedoraproject.org/pipermail/package-announce/2015-November/170610.html
Issue Tracking (x_refsource_confirm): https://bugzilla.redhat.com/show_bug.cgi?id=1211370
Third Party Advisory (vendor-advisory, x_refsource_gentoo): https://security.gentoo.org/glsa/201710-08
Third Party Advisory (vdb-entry, x_refsource_bid): http://www.securityfocus.com/bid/74231
Third Party Advisory (vendor-advisory, x_refsource_redhat): http://rhn.redhat.com/errata/RHSA-2015-2383.html
Mailing List, Third Party Advisory (vendor-advisory, x_refsource_fedora): http://lists.fedoraproject.org/pipermail/package-announce/2015-October/169671.html
Scores
EPSS: 0.0300
EPSS Percentile: 85.7%
Details
CWE: CWE-264
Status: published
Products (5)
clusterlabs/pacemaker: < 1.1.12
redhat/enterprise_linux_high_availability: 6.0
redhat/enterprise_linux_high_availability: 7.0
redhat/enterprise_linux_resilient_storage: 6.0
redhat/enterprise_linux_resilient_storage: 7.0
Published: Aug 12, 2015
Tracked Since: Feb 18, 2026