Vulnerability Details : CVE-2015-5189
Race condition in pcsd in PCS 0.9.139 and earlier uses a global variable to validate usernames, which allows remote authenticated users to gain privileges by sending a command that is checked for security after another user is authenticated.
Products affected by CVE-2015-5189
- Pacemaker/corosync Configuration System Project » Pacemaker/corosync Configuration System
  Versions up to, including, (<=) 0.9.139
  cpe:2.3:a:pacemaker\/corosync_configuration_system_project:pacemaker\/corosync_configuration_system:*:*:*:*:*:*:*:*
Exploit prediction scoring system (EPSS) score for CVE-2015-5189
- Probability of exploitation activity in the next 30 days: 0.12%
- Percentile, the proportion of vulnerabilities that are scored at or less: ~ 45 %
CVSS scores for CVE-2015-5189
Base Score | Base Severity | CVSS Vector | Exploitability Score | Impact Score | Score Source | First Seen |
---|---|---|---|---|---|---|
4.9 | MEDIUM | AV:N/AC:M/Au:S/C:P/I:P/A:N | 6.8 | 4.9 | NIST | |
CWE ids for CVE-2015-5189
- The product contains a concurrent code sequence that requires temporary, exclusive access to a shared resource, but a timing window exists in which the shared resource can be modified by another code sequence operating concurrently.
  Assigned by: nvd@nist.gov (Primary)
References for CVE-2015-5189
- https://bugzilla.redhat.com/show_bug.cgi?id=1252805
  1252805 – (CVE-2015-5189) CVE-2015-5189 pcs: Incorrect authorization when using pcs web UI
- http://rhn.redhat.com/errata/RHSA-2015-1700.html
  RHSA-2015:1700 - Security Advisory - Red Hat Customer Portal