Pacemaker/corosync Configuration System Project: Security Vulnerabilities
The pcsd web UI in PCS 0.9.139 and earlier allows remote authenticated users to execute arbitrary commands via "escape characters" in a URL.
CVSS Score
8.5
EPSS Score
0.006
Published
2015-09-03
Race condition in pcsd in PCS 0.9.139 and earlier uses a global variable to validate usernames, which allows remote authenticated users to gain privileges by sending a command that is checked for security after another user is authenticated.
CVSS Score
4.9
EPSS Score
0.001
Published
2015-09-03