← Back

CVE-2015-1867

nvd nist
Published: Aug 12, 2015Modified: May 6, 2026

JSON object

Loading...
7.5
Vector
AV:N/AC:L/Au:N/C:P/I:P/A:P
Exploitability: 10.0 / Impact: 6.4
Source: NVD

Description

Pacemaker before 1.1.13 does not properly evaluate added nodes, which allows remote read-only users to gain privileges via an acl command.

Affected (5)

Redhat
2 products
Enterprise Linux High Availability
Enterprise Linux Resilient Storage
Clusterlabs
1 product
Pacemaker
Configuration A
4 vulnerable
Vulnerable SoftwareAffected Versions
Redhat
Enterprise Linux High Availability
Version 6.0
Enterprise Linux High Availability
Version 7.0
Redhat
Enterprise Linux Resilient Storage
Version 6.0
Enterprise Linux Resilient Storage
Version 7.0
Configuration B
1 vulnerable
Vulnerable SoftwareAffected Versions
Pacemaker
Up to 1.1.12

Related CWEs

CWE-264
CWE-264

References (18)

Source: secalert@redhat.com
Source: secalert@redhat.com
Source: secalert@redhat.com
Source: secalert@redhat.com
Third Party Advisory
Source: secalert@redhat.com
Third Party Advisory
Source: secalert@redhat.com
Third Party Advisory
Source: secalert@redhat.com
Issue Tracking
Source: secalert@redhat.com
Source: secalert@redhat.com
Source: af854a3a-2127-422b-91ae-364da2661108
Source: af854a3a-2127-422b-91ae-364da2661108
Source: af854a3a-2127-422b-91ae-364da2661108
Source: af854a3a-2127-422b-91ae-364da2661108
Third Party Advisory
Source: af854a3a-2127-422b-91ae-364da2661108
Third Party Advisory
Source: af854a3a-2127-422b-91ae-364da2661108
Third Party Advisory
Source: af854a3a-2127-422b-91ae-364da2661108
Issue Tracking
Source: af854a3a-2127-422b-91ae-364da2661108
Source: af854a3a-2127-422b-91ae-364da2661108

Timeline

No history available yet.