CVE-2015-5190

Pacemaker/PCS < 0.9.139 - Authenticated Remote Code Execution via URL Escape Characters

Title source: llm
STIX 2.1

Description

The pcsd web UI in PCS 0.9.139 and earlier allows remote authenticated users to execute arbitrary commands via "escape characters" in a URL.

References (2)

Core 2
Core References
Issue Tracking x_refsource_confirm
https://bugzilla.redhat.com/show_bug.cgi?id=1252813
Vendor Advisory vendor-advisory x_refsource_redhat
http://rhn.redhat.com/errata/RHSA-2015-1700.html

Scores

EPSS 0.0254
EPSS Percentile 83.0%

Details

CWE
CWE-77
Status published
Products (1)
pacemaker\/corosync_configuration_system_project/pacemaker\/corosync_configuration_system < 0.9.139
Published Sep 03, 2015
Tracked Since Feb 18, 2026