Lucene search
HistorySep 03, 2015 - 2:59 p.m.
CVE-2015-5190
security
vulnerability
pcsd
web ui
command execution
url
nvd
8.5 High
CVSS2
Attack Vector
NETWORK
Attack Complexity
MEDIUM
Authentication
SINGLE
Confidentiality Impact
COMPLETE
Integrity Impact
COMPLETE
Availability Impact
COMPLETE
AV:N/AC:M/Au:S/C:C/I:C/A:C
7.1 High
AI Score
Confidence
Low
0.003 Low
EPSS
Percentile
71.7%
The pcsd web UI in PCS 0.9.139 and earlier allows remote authenticated users to execute arbitrary commands via “escape characters” in a URL.
Affected configurations
Node
pacemaker\/corosync_configuration_system_projectpacemaker\/corosync_configuration_systemRange≤0.9.139
Related
cvelist
cvelist
CVE-2015-5190
2015-09-03 14:00:00
debiancve
debiancve
CVE-2015-5190
2015-09-03 14:59:04
prion
prion
Code injection
2015-09-03 14:59:00
nvd
nvd
CVE-2015-5190
2015-09-03 14:59:04
openvas
openvas
Fedora Update for pcs FEDORA-2015-15065
2015-09-19 00:00:00
CentOS Update for pcs CESA-2015:1700 centos6
2015-09-02 00:00:00
CentOS Update for pcs CESA-2015:1700 centos7
2015-09-02 00:00:00
nessus
nessus
Fedora 22 : pcs-0.9.139-7.fc22 (2015-14983)
2015-09-21 00:00:00
Fedora 21 : pcs-0.9.137-5.fc21 (2015-15065)
2015-09-21 00:00:00
RHEL 6 / 7 : pcs (RHSA-2015:1700)
2016-02-09 00:00:00
centos
centos
pcs, python security update
2015-09-01 15:34:49
redhat
redhat
(RHSA-2015:1700) Important: pcs security update
2015-09-01 00:00:00
fedora
fedora
[SECURITY] Fedora 22 Update: pcs-0.9.139-7.fc22
2015-09-18 20:56:02
[SECURITY] Fedora 21 Update: pcs-0.9.137-5.fc21
2015-09-18 22:22:41
veracode
veracode
Privilege Escalation
2019-05-02 05:18:13
8.5 High
CVSS2
Attack Vector
NETWORK
Attack Complexity
MEDIUM
Authentication
SINGLE
Confidentiality Impact
COMPLETE
Integrity Impact
COMPLETE
Availability Impact
COMPLETE
AV:N/AC:M/Au:S/C:C/I:C/A:C
7.1 High
AI Score
Confidence
Low
0.003 Low
EPSS
Percentile
71.7%
Related for CVE-2015-5190