CVSS2
Metric | Value |
---|---|
Attack Vector | NETWORK |
Attack Complexity | LOW |
Authentication | NONE |
Confidentiality Impact | PARTIAL |
Integrity Impact | PARTIAL |
Availability Impact | PARTIAL |
Vector | AV:N/AC:L/Au:N/C:P/I:P/A:P |

AI Score
Confidence: High

EPSS
Percentile: 83.5%

Pacemaker before 1.1.13 does not properly evaluate added nodes, which allows remote read-only users to gain privileges via an acl command.
Vendor | Product | Version | CPE |
---|---|---|---|
redhat | enterprise_linux_high_availability | 6.0 | cpe:2.3:o:redhat:enterprise_linux_high_availability:6.0:*:*:*:*:*:*:* |
redhat | enterprise_linux_high_availability | 7.0 | cpe:2.3:o:redhat:enterprise_linux_high_availability:7.0:*:*:*:*:*:*:* |
redhat | enterprise_linux_resilient_storage | 6.0 | cpe:2.3:o:redhat:enterprise_linux_resilient_storage:6.0:*:*:*:*:*:*:* |
redhat | enterprise_linux_resilient_storage | 7.0 | cpe:2.3:o:redhat:enterprise_linux_resilient_storage:7.0:*:*:*:*:*:*:* |
clusterlabs | pacemaker | * | cpe:2.3:a:clusterlabs:pacemaker:*:*:*:*:*:*:*:* |
lists.fedoraproject.org/pipermail/package-announce/2015-November/170610.html
lists.fedoraproject.org/pipermail/package-announce/2015-October/169671.html
lists.fedoraproject.org/pipermail/package-announce/2015-October/169995.html
rhn.redhat.com/errata/RHSA-2015-1424.html
rhn.redhat.com/errata/RHSA-2015-2383.html
www.securityfocus.com/bid/74231
bugzilla.redhat.com/show_bug.cgi?id=1211370
github.com/ClusterLabs/pacemaker/commit/84ac07c
security.gentoo.org/glsa/201710-08