CVE-2015-5189

Pacemaker/PCS < 0.9.139 - Authenticated Privilege Escalation via Username Validation Race Condition

Title source: llm
STIX 2.1

Description

Race condition in pcsd in PCS 0.9.139 and earlier uses a global variable to validate usernames, which allows remote authenticated users to gain privileges by sending a command that is checked for security after another user is authenticated.

References (2)

Core 2
Core References
Issue Tracking x_refsource_confirm
https://bugzilla.redhat.com/show_bug.cgi?id=1252805
Vendor Advisory vendor-advisory x_refsource_redhat
http://rhn.redhat.com/errata/RHSA-2015-1700.html

Scores

EPSS 0.0098
EPSS Percentile 57.7%

Details

CWE
CWE-362
Status published
Products (1)
pacemaker\/corosync_configuration_system_project/pacemaker\/corosync_configuration_system < 0.9.139
Published Sep 03, 2015
Tracked Since Feb 18, 2026