CVE-2015-5190 (GCVE-0-2015-5190)
Vulnerability from cvelistv5 – Published: 2015-09-03 14:00 – Updated: 2024-08-06 06:41
Summary
The pcsd web UI in PCS 0.9.139 and earlier allows remote authenticated users to execute arbitrary commands via "escape characters" in a URL.
Severity ?
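No CVSS data available in the CNA record; the NVD entry further down this page scores it CVSS v2 8.5 (HIGH), vector AV:N/AC:M/Au:S/C:C/I:C/A:C.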
CWE
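- n/a (the CNA record names no CWE; the NVD and GitHub advisory entries on this page classify it as CWE-77)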
Assigner
References
{
"containers": {
"adp": [
{
"providerMetadata": {
"dateUpdated": "2024-08-06T06:41:07.988Z",
"orgId": "af854a3a-2127-422b-91ae-364da2661108",
"shortName": "CVE"
},
"references": [
{
"tags": [
"x_refsource_CONFIRM",
"x_transferred"
],
"url": "https://bugzilla.redhat.com/show_bug.cgi?id=1252813"
},
{
"name": "RHSA-2015:1700",
"tags": [
"vendor-advisory",
"x_refsource_REDHAT",
"x_transferred"
],
"url": "http://rhn.redhat.com/errata/RHSA-2015-1700.html"
}
],
"title": "CVE Program Container"
}
],
"cna": {
"affected": [
{
"product": "n/a",
"vendor": "n/a",
"versions": [
{
"status": "affected",
"version": "n/a"
}
]
}
],
"datePublic": "2015-09-01T00:00:00.000Z",
"descriptions": [
{
"lang": "en",
"value": "The pcsd web UI in PCS 0.9.139 and earlier allows remote authenticated users to execute arbitrary commands via \"escape characters\" in a URL."
}
],
"problemTypes": [
{
"descriptions": [
{
"description": "n/a",
"lang": "en",
"type": "text"
}
]
}
],
"providerMetadata": {
"dateUpdated": "2015-09-03T13:57:02.000Z",
"orgId": "53f830b8-0a3f-465b-8143-3b8a9948e749",
"shortName": "redhat"
},
"references": [
{
"tags": [
"x_refsource_CONFIRM"
],
"url": "https://bugzilla.redhat.com/show_bug.cgi?id=1252813"
},
{
"name": "RHSA-2015:1700",
"tags": [
"vendor-advisory",
"x_refsource_REDHAT"
],
"url": "http://rhn.redhat.com/errata/RHSA-2015-1700.html"
}
]
}
},
"cveMetadata": {
"assignerOrgId": "53f830b8-0a3f-465b-8143-3b8a9948e749",
"assignerShortName": "redhat",
"cveId": "CVE-2015-5190",
"datePublished": "2015-09-03T14:00:00.000Z",
"dateReserved": "2015-07-01T00:00:00.000Z",
"dateUpdated": "2024-08-06T06:41:07.988Z",
"state": "PUBLISHED"
},
"dataType": "CVE_RECORD",
"dataVersion": "5.1",
"vulnerability-lookup:meta": {
"fkie_nvd": {
"configurations": "[{\"nodes\": [{\"operator\": \"OR\", \"negate\": false, \"cpeMatch\": [{\"vulnerable\": true, \"criteria\": \"cpe:2.3:a:pacemaker\\\\/corosync_configuration_system_project:pacemaker\\\\/corosync_configuration_system:*:*:*:*:*:*:*:*\", \"versionEndIncluding\": \"0.9.139\", \"matchCriteriaId\": \"69E6BE70-8D68-4908-B755-AC7509BC9B40\"}]}]}]",
"descriptions": "[{\"lang\": \"en\", \"value\": \"The pcsd web UI in PCS 0.9.139 and earlier allows remote authenticated users to execute arbitrary commands via \\\"escape characters\\\" in a URL.\"}, {\"lang\": \"es\", \"value\": \"Vulnerabilidad en la web UI pcsd en PCS 0.9.139 y en versiones anteriores, permite a usuarios remotos autenticados ejecutar comandos arbitrarios a trav\\u00e9s de \u0027caracteres de escape\u0027 en una URL.\"}]",
"id": "CVE-2015-5190",
"lastModified": "2024-11-21T02:32:31.943",
"metrics": "{\"cvssMetricV2\": [{\"source\": \"nvd@nist.gov\", \"type\": \"Primary\", \"cvssData\": {\"version\": \"2.0\", \"vectorString\": \"AV:N/AC:M/Au:S/C:C/I:C/A:C\", \"baseScore\": 8.5, \"accessVector\": \"NETWORK\", \"accessComplexity\": \"MEDIUM\", \"authentication\": \"SINGLE\", \"confidentialityImpact\": \"COMPLETE\", \"integrityImpact\": \"COMPLETE\", \"availabilityImpact\": \"COMPLETE\"}, \"baseSeverity\": \"HIGH\", \"exploitabilityScore\": 6.8, \"impactScore\": 10.0, \"acInsufInfo\": false, \"obtainAllPrivilege\": false, \"obtainUserPrivilege\": false, \"obtainOtherPrivilege\": false, \"userInteractionRequired\": false}]}",
"published": "2015-09-03T14:59:04.337",
"references": "[{\"url\": \"http://rhn.redhat.com/errata/RHSA-2015-1700.html\", \"source\": \"secalert@redhat.com\"}, {\"url\": \"https://bugzilla.redhat.com/show_bug.cgi?id=1252813\", \"source\": \"secalert@redhat.com\"}, {\"url\": \"http://rhn.redhat.com/errata/RHSA-2015-1700.html\", \"source\": \"af854a3a-2127-422b-91ae-364da2661108\"}, {\"url\": \"https://bugzilla.redhat.com/show_bug.cgi?id=1252813\", \"source\": \"af854a3a-2127-422b-91ae-364da2661108\"}]",
"sourceIdentifier": "secalert@redhat.com",
"vulnStatus": "Modified",
"weaknesses": "[{\"source\": \"nvd@nist.gov\", \"type\": \"Primary\", \"description\": [{\"lang\": \"en\", \"value\": \"CWE-77\"}]}]"
},
"nvd": "{\"cve\":{\"id\":\"CVE-2015-5190\",\"sourceIdentifier\":\"secalert@redhat.com\",\"published\":\"2015-09-03T14:59:04.337\",\"lastModified\":\"2025-04-12T10:46:40.837\",\"vulnStatus\":\"Deferred\",\"cveTags\":[],\"descriptions\":[{\"lang\":\"en\",\"value\":\"The pcsd web UI in PCS 0.9.139 and earlier allows remote authenticated users to execute arbitrary commands via \\\"escape characters\\\" in a URL.\"},{\"lang\":\"es\",\"value\":\"Vulnerabilidad en la web UI pcsd en PCS 0.9.139 y en versiones anteriores, permite a usuarios remotos autenticados ejecutar comandos arbitrarios a trav\u00e9s de \u0027caracteres de escape\u0027 en una URL.\"}],\"metrics\":{\"cvssMetricV2\":[{\"source\":\"nvd@nist.gov\",\"type\":\"Primary\",\"cvssData\":{\"version\":\"2.0\",\"vectorString\":\"AV:N/AC:M/Au:S/C:C/I:C/A:C\",\"baseScore\":8.5,\"accessVector\":\"NETWORK\",\"accessComplexity\":\"MEDIUM\",\"authentication\":\"SINGLE\",\"confidentialityImpact\":\"COMPLETE\",\"integrityImpact\":\"COMPLETE\",\"availabilityImpact\":\"COMPLETE\"},\"baseSeverity\":\"HIGH\",\"exploitabilityScore\":6.8,\"impactScore\":10.0,\"acInsufInfo\":false,\"obtainAllPrivilege\":false,\"obtainUserPrivilege\":false,\"obtainOtherPrivilege\":false,\"userInteractionRequired\":false}]},\"weaknesses\":[{\"source\":\"nvd@nist.gov\",\"type\":\"Primary\",\"description\":[{\"lang\":\"en\",\"value\":\"CWE-77\"}]}],\"configurations\":[{\"nodes\":[{\"operator\":\"OR\",\"negate\":false,\"cpeMatch\":[{\"vulnerable\":true,\"criteria\":\"cpe:2.3:a:pacemaker\\\\/corosync_configuration_system_project:pacemaker\\\\/corosync_configuration_system:*:*:*:*:*:*:*:*\",\"versionEndIncluding\":\"0.9.139\",\"matchCriteriaId\":\"69E6BE70-8D68-4908-B755-AC7509BC9B40\"}]}]}],\"references\":[{\"url\":\"http://rhn.redhat.com/errata/RHSA-2015-1700.html\",\"source\":\"secalert@redhat.com\"},{\"url\":\"https://bugzilla.redhat.com/show_bug.cgi?id=1252813\",\"source\":\"secalert@redhat.com\"},{\"url\":\"http://rhn.redhat.com/errata/RHSA-2015-170
0.html\",\"source\":\"af854a3a-2127-422b-91ae-364da2661108\"},{\"url\":\"https://bugzilla.redhat.com/show_bug.cgi?id=1252813\",\"source\":\"af854a3a-2127-422b-91ae-364da2661108\"}]}}"
}
}
FKIE_CVE-2015-5190
Vulnerability from fkie_nvd - Published: 2015-09-03 14:59 - Updated: 2025-04-12 10:46
Severity ?
Summary
The pcsd web UI in PCS 0.9.139 and earlier allows remote authenticated users to execute arbitrary commands via "escape characters" in a URL.
References
Impacted products
| Vendor | Product | Version | |
|---|---|---|---|
| pacemaker\/corosync_configuration_system_project | pacemaker\/corosync_configuration_system | * |
{
"configurations": [
{
"nodes": [
{
"cpeMatch": [
{
"criteria": "cpe:2.3:a:pacemaker\\/corosync_configuration_system_project:pacemaker\\/corosync_configuration_system:*:*:*:*:*:*:*:*",
"matchCriteriaId": "69E6BE70-8D68-4908-B755-AC7509BC9B40",
"versionEndIncluding": "0.9.139",
"vulnerable": true
}
],
"negate": false,
"operator": "OR"
}
]
}
],
"cveTags": [],
"descriptions": [
{
"lang": "en",
"value": "The pcsd web UI in PCS 0.9.139 and earlier allows remote authenticated users to execute arbitrary commands via \"escape characters\" in a URL."
},
{
"lang": "es",
"value": "Vulnerabilidad en la web UI pcsd en PCS 0.9.139 y en versiones anteriores, permite a usuarios remotos autenticados ejecutar comandos arbitrarios a trav\u00e9s de \u0027caracteres de escape\u0027 en una URL."
}
],
"id": "CVE-2015-5190",
"lastModified": "2025-04-12T10:46:40.837",
"metrics": {
"cvssMetricV2": [
{
"acInsufInfo": false,
"baseSeverity": "HIGH",
"cvssData": {
"accessComplexity": "MEDIUM",
"accessVector": "NETWORK",
"authentication": "SINGLE",
"availabilityImpact": "COMPLETE",
"baseScore": 8.5,
"confidentialityImpact": "COMPLETE",
"integrityImpact": "COMPLETE",
"vectorString": "AV:N/AC:M/Au:S/C:C/I:C/A:C",
"version": "2.0"
},
"exploitabilityScore": 6.8,
"impactScore": 10.0,
"obtainAllPrivilege": false,
"obtainOtherPrivilege": false,
"obtainUserPrivilege": false,
"source": "nvd@nist.gov",
"type": "Primary",
"userInteractionRequired": false
}
]
},
"published": "2015-09-03T14:59:04.337",
"references": [
{
"source": "secalert@redhat.com",
"url": "http://rhn.redhat.com/errata/RHSA-2015-1700.html"
},
{
"source": "secalert@redhat.com",
"url": "https://bugzilla.redhat.com/show_bug.cgi?id=1252813"
},
{
"source": "af854a3a-2127-422b-91ae-364da2661108",
"url": "http://rhn.redhat.com/errata/RHSA-2015-1700.html"
},
{
"source": "af854a3a-2127-422b-91ae-364da2661108",
"url": "https://bugzilla.redhat.com/show_bug.cgi?id=1252813"
}
],
"sourceIdentifier": "secalert@redhat.com",
"vulnStatus": "Deferred",
"weaknesses": [
{
"description": [
{
"lang": "en",
"value": "CWE-77"
}
],
"source": "nvd@nist.gov",
"type": "Primary"
}
]
}
GHSA-CR7H-75CF-WM8X
Vulnerability from github – Published: 2022-05-17 04:08 – Updated: 2022-05-17 04:08
Details
The pcsd web UI in PCS 0.9.139 and earlier allows remote authenticated users to execute arbitrary commands via "escape characters" in a URL.
{
"affected": [],
"aliases": [
"CVE-2015-5190"
],
"database_specific": {
"cwe_ids": [
"CWE-77"
],
"github_reviewed": false,
"github_reviewed_at": null,
"nvd_published_at": "2015-09-03T14:59:00Z",
"severity": "HIGH"
},
"details": "The pcsd web UI in PCS 0.9.139 and earlier allows remote authenticated users to execute arbitrary commands via \"escape characters\" in a URL.",
"id": "GHSA-cr7h-75cf-wm8x",
"modified": "2022-05-17T04:08:20Z",
"published": "2022-05-17T04:08:20Z",
"references": [
{
"type": "ADVISORY",
"url": "https://nvd.nist.gov/vuln/detail/CVE-2015-5190"
},
{
"type": "WEB",
"url": "https://access.redhat.com/errata/RHSA-2015:1700"
},
{
"type": "WEB",
"url": "https://access.redhat.com/security/cve/CVE-2015-5190"
},
{
"type": "WEB",
"url": "https://bugzilla.redhat.com/show_bug.cgi?id=1252813"
},
{
"type": "WEB",
"url": "http://rhn.redhat.com/errata/RHSA-2015-1700.html"
}
],
"schema_version": "1.4.0",
"severity": []
}
GSD-2015-5190
Vulnerability from gsd - Updated: 2023-12-13 01:20
Details
The pcsd web UI in PCS 0.9.139 and earlier allows remote authenticated users to execute arbitrary commands via "escape characters" in a URL.
{
"GSD": {
"alias": "CVE-2015-5190",
"description": "The pcsd web UI in PCS 0.9.139 and earlier allows remote authenticated users to execute arbitrary commands via \"escape characters\" in a URL.",
"id": "GSD-2015-5190",
"references": [
"https://access.redhat.com/errata/RHSA-2015:1700"
]
},
"gsd": {
"metadata": {
"exploitCode": "unknown",
"remediation": "unknown",
"reportConfidence": "confirmed",
"type": "vulnerability"
},
"osvSchema": {
"aliases": [
"CVE-2015-5190"
],
"details": "The pcsd web UI in PCS 0.9.139 and earlier allows remote authenticated users to execute arbitrary commands via \"escape characters\" in a URL.",
"id": "GSD-2015-5190",
"modified": "2023-12-13T01:20:06.016256Z",
"schema_version": "1.4.0"
}
},
"namespaces": {
"cve.org": {
"CVE_data_meta": {
"ASSIGNER": "secalert@redhat.com",
"ID": "CVE-2015-5190",
"STATE": "PUBLIC"
},
"affects": {
"vendor": {
"vendor_data": [
{
"product": {
"product_data": [
{
"product_name": "n/a",
"version": {
"version_data": [
{
"version_affected": "=",
"version_value": "n/a"
}
]
}
}
]
},
"vendor_name": "n/a"
}
]
}
},
"data_format": "MITRE",
"data_type": "CVE",
"data_version": "4.0",
"description": {
"description_data": [
{
"lang": "eng",
"value": "The pcsd web UI in PCS 0.9.139 and earlier allows remote authenticated users to execute arbitrary commands via \"escape characters\" in a URL."
}
]
},
"problemtype": {
"problemtype_data": [
{
"description": [
{
"lang": "eng",
"value": "n/a"
}
]
}
]
},
"references": {
"reference_data": [
{
"name": "http://rhn.redhat.com/errata/RHSA-2015-1700.html",
"refsource": "MISC",
"url": "http://rhn.redhat.com/errata/RHSA-2015-1700.html"
},
{
"name": "https://bugzilla.redhat.com/show_bug.cgi?id=1252813",
"refsource": "MISC",
"url": "https://bugzilla.redhat.com/show_bug.cgi?id=1252813"
}
]
}
},
"nvd.nist.gov": {
"configurations": {
"CVE_data_version": "4.0",
"nodes": [
{
"children": [],
"cpe_match": [
{
"cpe23Uri": "cpe:2.3:a:pacemaker\\/corosync_configuration_system_project:pacemaker\\/corosync_configuration_system:*:*:*:*:*:*:*:*",
"cpe_name": [],
"versionEndIncluding": "0.9.139",
"vulnerable": true
}
],
"operator": "OR"
}
]
},
"cve": {
"CVE_data_meta": {
"ASSIGNER": "secalert@redhat.com",
"ID": "CVE-2015-5190"
},
"data_format": "MITRE",
"data_type": "CVE",
"data_version": "4.0",
"description": {
"description_data": [
{
"lang": "en",
"value": "The pcsd web UI in PCS 0.9.139 and earlier allows remote authenticated users to execute arbitrary commands via \"escape characters\" in a URL."
}
]
},
"problemtype": {
"problemtype_data": [
{
"description": [
{
"lang": "en",
"value": "CWE-77"
}
]
}
]
},
"references": {
"reference_data": [
{
"name": "RHSA-2015:1700",
"refsource": "REDHAT",
"tags": [],
"url": "http://rhn.redhat.com/errata/RHSA-2015-1700.html"
},
{
"name": "https://bugzilla.redhat.com/show_bug.cgi?id=1252813",
"refsource": "CONFIRM",
"tags": [],
"url": "https://bugzilla.redhat.com/show_bug.cgi?id=1252813"
}
]
}
},
"impact": {
"baseMetricV2": {
"acInsufInfo": false,
"cvssV2": {
"accessComplexity": "MEDIUM",
"accessVector": "NETWORK",
"authentication": "SINGLE",
"availabilityImpact": "COMPLETE",
"baseScore": 8.5,
"confidentialityImpact": "COMPLETE",
"integrityImpact": "COMPLETE",
"vectorString": "AV:N/AC:M/Au:S/C:C/I:C/A:C",
"version": "2.0"
},
"exploitabilityScore": 6.8,
"impactScore": 10.0,
"obtainAllPrivilege": false,
"obtainOtherPrivilege": false,
"obtainUserPrivilege": false,
"severity": "HIGH",
"userInteractionRequired": false
}
},
"lastModifiedDate": "2023-02-13T00:50Z",
"publishedDate": "2015-09-03T14:59Z"
}
}
}
RHSA-2015_1700
Vulnerability from csaf_redhat - Published: 2015-09-01 13:41 - Updated: 2024-11-22 09:27
Summary
Red Hat Security Advisory: pcs security update
Notes
Topic
Updated pcs packages that fix two security issues are now available for Red
Hat Enterprise Linux 6 and 7.
Red Hat Product Security has rated this update as having Important security
impact. Common Vulnerability Scoring System (CVSS) base scores, which give
detailed severity ratings, are available for each vulnerability from the
CVE links in the References section.
Details
The pcs packages provide a command-line configuration system for the
Pacemaker and Corosync utilities.
A command injection flaw was found in the pcsd web UI. An attacker able to
trick a victim that was logged in to the pcsd web UI into visiting a
specially crafted URL could use this flaw to execute arbitrary code with
root privileges on the server hosting the web UI. (CVE-2015-5190)
A race condition was found in the way the pcsd web UI backend performed
authorization of user requests. An attacker could use this flaw to send a
request that would be evaluated as originating from a different user,
potentially allowing the attacker to perform actions with permissions of a
more privileged user. (CVE-2015-5189)
These issues were discovered by Tomáš Jelínek of Red Hat.
All pcs users are advised to upgrade to these updated packages, which
contain backported patches to correct these issues.
Terms of Use
This content is licensed under the Creative Commons Attribution 4.0 International License (https://creativecommons.org/licenses/by/4.0/). If you distribute this content, or a modified version of it, you must provide attribution to Red Hat Inc. and provide a link to the original.
{
"document": {
"aggregate_severity": {
"namespace": "https://access.redhat.com/security/updates/classification/",
"text": "Important"
},
"category": "csaf_security_advisory",
"csaf_version": "2.0",
"distribution": {
"text": "Copyright \u00a9 Red Hat, Inc. All rights reserved.",
"tlp": {
"label": "WHITE",
"url": "https://www.first.org/tlp/"
}
},
"lang": "en",
"notes": [
{
"category": "summary",
"text": "Updated pcs packages that fix two security issues are now available for Red\nHat Enterprise Linux 6 and 7.\n\nRed Hat Product Security has rated this update as having Important security\nimpact. Common Vulnerability Scoring System (CVSS) base scores, which give\ndetailed severity ratings, are available for each vulnerability from the\nCVE links in the References section.",
"title": "Topic"
},
{
"category": "general",
"text": "The pcs packages provide a command-line configuration system for the\nPacemaker and Corosync utilities.\n\nA command injection flaw was found in the pcsd web UI. An attacker able to\ntrick a victim that was logged in to the pcsd web UI into visiting a\nspecially crafted URL could use this flaw to execute arbitrary code with\nroot privileges on the server hosting the web UI. (CVE-2015-5190)\n\nA race condition was found in the way the pcsd web UI backend performed\nauthorization of user requests. An attacker could use this flaw to send a\nrequest that would be evaluated as originating from a different user,\npotentially allowing the attacker to perform actions with permissions of a\nmore privileged user. (CVE-2015-5189)\n\nThese issues were discovered by Tom\u00e1\u0161 Jel\u00ednek of Red Hat.\n\nAll pcs users are advised to upgrade to these updated packages, which\ncontain backported patches to correct these issues.",
"title": "Details"
},
{
"category": "legal_disclaimer",
"text": "This content is licensed under the Creative Commons Attribution 4.0 International License (https://creativecommons.org/licenses/by/4.0/). If you distribute this content, or a modified version of it, you must provide attribution to Red Hat Inc. and provide a link to the original.",
"title": "Terms of Use"
}
],
"publisher": {
"category": "vendor",
"contact_details": "https://access.redhat.com/security/team/contact/",
"issuing_authority": "Red Hat Product Security is responsible for vulnerability handling across all Red Hat products and services.",
"name": "Red Hat Product Security",
"namespace": "https://www.redhat.com"
},
"references": [
{
"category": "self",
"summary": "https://access.redhat.com/errata/RHSA-2015:1700",
"url": "https://access.redhat.com/errata/RHSA-2015:1700"
},
{
"category": "external",
"summary": "https://access.redhat.com/security/updates/classification/#important",
"url": "https://access.redhat.com/security/updates/classification/#important"
},
{
"category": "external",
"summary": "1252805",
"url": "https://bugzilla.redhat.com/show_bug.cgi?id=1252805"
},
{
"category": "external",
"summary": "1252813",
"url": "https://bugzilla.redhat.com/show_bug.cgi?id=1252813"
},
{
"category": "self",
"summary": "Canonical URL",
"url": "https://security.access.redhat.com/data/csaf/v2/advisories/2015/rhsa-2015_1700.json"
}
],
"title": "Red Hat Security Advisory: pcs security update",
"tracking": {
"current_release_date": "2024-11-22T09:27:21+00:00",
"generator": {
"date": "2024-11-22T09:27:21+00:00",
"engine": {
"name": "Red Hat SDEngine",
"version": "4.2.1"
}
},
"id": "RHSA-2015:1700",
"initial_release_date": "2015-09-01T13:41:46+00:00",
"revision_history": [
{
"date": "2015-09-01T13:41:46+00:00",
"number": "1",
"summary": "Initial version"
},
{
"date": "2015-09-01T13:41:46+00:00",
"number": "2",
"summary": "Last updated version"
},
{
"date": "2024-11-22T09:27:21+00:00",
"number": "3",
"summary": "Last generated version"
}
],
"status": "final",
"version": "3"
}
},
"product_tree": {
"branches": [
{
"branches": [
{
"branches": [
{
"category": "product_name",
"name": "Red Hat Enterprise Linux High Availability (v. 6)",
"product": {
"name": "Red Hat Enterprise Linux High Availability (v. 6)",
"product_id": "6Server-HighAvailability-6.7.z",
"product_identification_helper": {
"cpe": "cpe:/o:redhat:enterprise_linux:6::server"
}
}
},
{
"category": "product_name",
"name": "Red Hat Enterprise Linux Resilient Storage (v. 6)",
"product": {
"name": "Red Hat Enterprise Linux Resilient Storage (v. 6)",
"product_id": "6Server-ResilientStorage-6.7.z",
"product_identification_helper": {
"cpe": "cpe:/o:redhat:enterprise_linux:6::server"
}
}
},
{
"category": "product_name",
"name": "Red Hat Enterprise Linux Server High Availability (v. 7)",
"product": {
"name": "Red Hat Enterprise Linux Server High Availability (v. 7)",
"product_id": "7Server-HighAvailability-7.1.Z",
"product_identification_helper": {
"cpe": "cpe:/o:redhat:enterprise_linux:7::server"
}
}
},
{
"category": "product_name",
"name": "Red Hat Enterprise Linux Server Resilient Storage (v. 7)",
"product": {
"name": "Red Hat Enterprise Linux Server Resilient Storage (v. 7)",
"product_id": "7Server-ResilientStorage-7.1.Z",
"product_identification_helper": {
"cpe": "cpe:/o:redhat:enterprise_linux:7::server"
}
}
}
],
"category": "product_family",
"name": "Red Hat Enterprise Linux"
},
{
"branches": [
{
"category": "product_version",
"name": "pcs-0:0.9.139-9.el6_7.1.x86_64",
"product": {
"name": "pcs-0:0.9.139-9.el6_7.1.x86_64",
"product_id": "pcs-0:0.9.139-9.el6_7.1.x86_64",
"product_identification_helper": {
"purl": "pkg:rpm/redhat/pcs@0.9.139-9.el6_7.1?arch=x86_64"
}
}
},
{
"category": "product_version",
"name": "pcs-debuginfo-0:0.9.139-9.el6_7.1.x86_64",
"product": {
"name": "pcs-debuginfo-0:0.9.139-9.el6_7.1.x86_64",
"product_id": "pcs-debuginfo-0:0.9.139-9.el6_7.1.x86_64",
"product_identification_helper": {
"purl": "pkg:rpm/redhat/pcs-debuginfo@0.9.139-9.el6_7.1?arch=x86_64"
}
}
},
{
"category": "product_version",
"name": "pcs-debuginfo-0:0.9.137-13.el7_1.4.x86_64",
"product": {
"name": "pcs-debuginfo-0:0.9.137-13.el7_1.4.x86_64",
"product_id": "pcs-debuginfo-0:0.9.137-13.el7_1.4.x86_64",
"product_identification_helper": {
"purl": "pkg:rpm/redhat/pcs-debuginfo@0.9.137-13.el7_1.4?arch=x86_64"
}
}
},
{
"category": "product_version",
"name": "python-clufter-0:0.9.137-13.el7_1.4.x86_64",
"product": {
"name": "python-clufter-0:0.9.137-13.el7_1.4.x86_64",
"product_id": "python-clufter-0:0.9.137-13.el7_1.4.x86_64",
"product_identification_helper": {
"purl": "pkg:rpm/redhat/python-clufter@0.9.137-13.el7_1.4?arch=x86_64"
}
}
},
{
"category": "product_version",
"name": "pcs-0:0.9.137-13.el7_1.4.x86_64",
"product": {
"name": "pcs-0:0.9.137-13.el7_1.4.x86_64",
"product_id": "pcs-0:0.9.137-13.el7_1.4.x86_64",
"product_identification_helper": {
"purl": "pkg:rpm/redhat/pcs@0.9.137-13.el7_1.4?arch=x86_64"
}
}
}
],
"category": "architecture",
"name": "x86_64"
},
{
"branches": [
{
"category": "product_version",
"name": "pcs-0:0.9.139-9.el6_7.1.src",
"product": {
"name": "pcs-0:0.9.139-9.el6_7.1.src",
"product_id": "pcs-0:0.9.139-9.el6_7.1.src",
"product_identification_helper": {
"purl": "pkg:rpm/redhat/pcs@0.9.139-9.el6_7.1?arch=src"
}
}
},
{
"category": "product_version",
"name": "pcs-0:0.9.137-13.el7_1.4.src",
"product": {
"name": "pcs-0:0.9.137-13.el7_1.4.src",
"product_id": "pcs-0:0.9.137-13.el7_1.4.src",
"product_identification_helper": {
"purl": "pkg:rpm/redhat/pcs@0.9.137-13.el7_1.4?arch=src"
}
}
}
],
"category": "architecture",
"name": "src"
},
{
"branches": [
{
"category": "product_version",
"name": "pcs-debuginfo-0:0.9.139-9.el6_7.1.i686",
"product": {
"name": "pcs-debuginfo-0:0.9.139-9.el6_7.1.i686",
"product_id": "pcs-debuginfo-0:0.9.139-9.el6_7.1.i686",
"product_identification_helper": {
"purl": "pkg:rpm/redhat/pcs-debuginfo@0.9.139-9.el6_7.1?arch=i686"
}
}
},
{
"category": "product_version",
"name": "pcs-0:0.9.139-9.el6_7.1.i686",
"product": {
"name": "pcs-0:0.9.139-9.el6_7.1.i686",
"product_id": "pcs-0:0.9.139-9.el6_7.1.i686",
"product_identification_helper": {
"purl": "pkg:rpm/redhat/pcs@0.9.139-9.el6_7.1?arch=i686"
}
}
}
],
"category": "architecture",
"name": "i686"
}
],
"category": "vendor",
"name": "Red Hat"
}
],
"relationships": [
{
"category": "default_component_of",
"full_product_name": {
"name": "pcs-0:0.9.139-9.el6_7.1.i686 as a component of Red Hat Enterprise Linux High Availability (v. 6)",
"product_id": "6Server-HighAvailability-6.7.z:pcs-0:0.9.139-9.el6_7.1.i686"
},
"product_reference": "pcs-0:0.9.139-9.el6_7.1.i686",
"relates_to_product_reference": "6Server-HighAvailability-6.7.z"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "pcs-0:0.9.139-9.el6_7.1.src as a component of Red Hat Enterprise Linux High Availability (v. 6)",
"product_id": "6Server-HighAvailability-6.7.z:pcs-0:0.9.139-9.el6_7.1.src"
},
"product_reference": "pcs-0:0.9.139-9.el6_7.1.src",
"relates_to_product_reference": "6Server-HighAvailability-6.7.z"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "pcs-0:0.9.139-9.el6_7.1.x86_64 as a component of Red Hat Enterprise Linux High Availability (v. 6)",
"product_id": "6Server-HighAvailability-6.7.z:pcs-0:0.9.139-9.el6_7.1.x86_64"
},
"product_reference": "pcs-0:0.9.139-9.el6_7.1.x86_64",
"relates_to_product_reference": "6Server-HighAvailability-6.7.z"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "pcs-debuginfo-0:0.9.139-9.el6_7.1.i686 as a component of Red Hat Enterprise Linux High Availability (v. 6)",
"product_id": "6Server-HighAvailability-6.7.z:pcs-debuginfo-0:0.9.139-9.el6_7.1.i686"
},
"product_reference": "pcs-debuginfo-0:0.9.139-9.el6_7.1.i686",
"relates_to_product_reference": "6Server-HighAvailability-6.7.z"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "pcs-debuginfo-0:0.9.139-9.el6_7.1.x86_64 as a component of Red Hat Enterprise Linux High Availability (v. 6)",
"product_id": "6Server-HighAvailability-6.7.z:pcs-debuginfo-0:0.9.139-9.el6_7.1.x86_64"
},
"product_reference": "pcs-debuginfo-0:0.9.139-9.el6_7.1.x86_64",
"relates_to_product_reference": "6Server-HighAvailability-6.7.z"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "pcs-0:0.9.139-9.el6_7.1.i686 as a component of Red Hat Enterprise Linux Resilient Storage (v. 6)",
"product_id": "6Server-ResilientStorage-6.7.z:pcs-0:0.9.139-9.el6_7.1.i686"
},
"product_reference": "pcs-0:0.9.139-9.el6_7.1.i686",
"relates_to_product_reference": "6Server-ResilientStorage-6.7.z"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "pcs-0:0.9.139-9.el6_7.1.src as a component of Red Hat Enterprise Linux Resilient Storage (v. 6)",
"product_id": "6Server-ResilientStorage-6.7.z:pcs-0:0.9.139-9.el6_7.1.src"
},
"product_reference": "pcs-0:0.9.139-9.el6_7.1.src",
"relates_to_product_reference": "6Server-ResilientStorage-6.7.z"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "pcs-0:0.9.139-9.el6_7.1.x86_64 as a component of Red Hat Enterprise Linux Resilient Storage (v. 6)",
"product_id": "6Server-ResilientStorage-6.7.z:pcs-0:0.9.139-9.el6_7.1.x86_64"
},
"product_reference": "pcs-0:0.9.139-9.el6_7.1.x86_64",
"relates_to_product_reference": "6Server-ResilientStorage-6.7.z"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "pcs-debuginfo-0:0.9.139-9.el6_7.1.i686 as a component of Red Hat Enterprise Linux Resilient Storage (v. 6)",
"product_id": "6Server-ResilientStorage-6.7.z:pcs-debuginfo-0:0.9.139-9.el6_7.1.i686"
},
"product_reference": "pcs-debuginfo-0:0.9.139-9.el6_7.1.i686",
"relates_to_product_reference": "6Server-ResilientStorage-6.7.z"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "pcs-debuginfo-0:0.9.139-9.el6_7.1.x86_64 as a component of Red Hat Enterprise Linux Resilient Storage (v. 6)",
"product_id": "6Server-ResilientStorage-6.7.z:pcs-debuginfo-0:0.9.139-9.el6_7.1.x86_64"
},
"product_reference": "pcs-debuginfo-0:0.9.139-9.el6_7.1.x86_64",
"relates_to_product_reference": "6Server-ResilientStorage-6.7.z"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "pcs-0:0.9.137-13.el7_1.4.src as a component of Red Hat Enterprise Linux Server High Availability (v. 7)",
"product_id": "7Server-HighAvailability-7.1.Z:pcs-0:0.9.137-13.el7_1.4.src"
},
"product_reference": "pcs-0:0.9.137-13.el7_1.4.src",
"relates_to_product_reference": "7Server-HighAvailability-7.1.Z"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "pcs-0:0.9.137-13.el7_1.4.x86_64 as a component of Red Hat Enterprise Linux Server High Availability (v. 7)",
"product_id": "7Server-HighAvailability-7.1.Z:pcs-0:0.9.137-13.el7_1.4.x86_64"
},
"product_reference": "pcs-0:0.9.137-13.el7_1.4.x86_64",
"relates_to_product_reference": "7Server-HighAvailability-7.1.Z"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "pcs-debuginfo-0:0.9.137-13.el7_1.4.x86_64 as a component of Red Hat Enterprise Linux Server High Availability (v. 7)",
"product_id": "7Server-HighAvailability-7.1.Z:pcs-debuginfo-0:0.9.137-13.el7_1.4.x86_64"
},
"product_reference": "pcs-debuginfo-0:0.9.137-13.el7_1.4.x86_64",
"relates_to_product_reference": "7Server-HighAvailability-7.1.Z"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "python-clufter-0:0.9.137-13.el7_1.4.x86_64 as a component of Red Hat Enterprise Linux Server High Availability (v. 7)",
"product_id": "7Server-HighAvailability-7.1.Z:python-clufter-0:0.9.137-13.el7_1.4.x86_64"
},
"product_reference": "python-clufter-0:0.9.137-13.el7_1.4.x86_64",
"relates_to_product_reference": "7Server-HighAvailability-7.1.Z"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "pcs-0:0.9.137-13.el7_1.4.src as a component of Red Hat Enterprise Linux Server Resilient Storage (v. 7)",
"product_id": "7Server-ResilientStorage-7.1.Z:pcs-0:0.9.137-13.el7_1.4.src"
},
"product_reference": "pcs-0:0.9.137-13.el7_1.4.src",
"relates_to_product_reference": "7Server-ResilientStorage-7.1.Z"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "pcs-0:0.9.137-13.el7_1.4.x86_64 as a component of Red Hat Enterprise Linux Server Resilient Storage (v. 7)",
"product_id": "7Server-ResilientStorage-7.1.Z:pcs-0:0.9.137-13.el7_1.4.x86_64"
},
"product_reference": "pcs-0:0.9.137-13.el7_1.4.x86_64",
"relates_to_product_reference": "7Server-ResilientStorage-7.1.Z"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "pcs-debuginfo-0:0.9.137-13.el7_1.4.x86_64 as a component of Red Hat Enterprise Linux Server Resilient Storage (v. 7)",
"product_id": "7Server-ResilientStorage-7.1.Z:pcs-debuginfo-0:0.9.137-13.el7_1.4.x86_64"
},
"product_reference": "pcs-debuginfo-0:0.9.137-13.el7_1.4.x86_64",
"relates_to_product_reference": "7Server-ResilientStorage-7.1.Z"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "python-clufter-0:0.9.137-13.el7_1.4.x86_64 as a component of Red Hat Enterprise Linux Server Resilient Storage (v. 7)",
"product_id": "7Server-ResilientStorage-7.1.Z:python-clufter-0:0.9.137-13.el7_1.4.x86_64"
},
"product_reference": "python-clufter-0:0.9.137-13.el7_1.4.x86_64",
"relates_to_product_reference": "7Server-ResilientStorage-7.1.Z"
}
]
},
"vulnerabilities": [
{
"acknowledgments": [
{
"names": [
"Tom\u00e1\u0161 Jel\u00ednek"
],
"organization": "Red Hat",
"summary": "This issue was discovered by Red Hat."
}
],
"cve": "CVE-2015-5189",
"cwe": {
"id": "CWE-863",
"name": "Incorrect Authorization"
},
"discovery_date": "2015-08-11T00:00:00+00:00",
"ids": [
{
"system_name": "Red Hat Bugzilla ID",
"text": "1252805"
}
],
"notes": [
{
"category": "description",
"text": "A race condition was found in the way the pcsd web UI backend performed authorization of user requests. An attacker could use this flaw to send a request that would be evaluated as originating from a different user, potentially allowing the attacker to perform actions with permissions of a more privileged user.",
"title": "Vulnerability description"
},
{
"category": "summary",
"text": "pcs: Incorrect authorization when using pcs web UI",
"title": "Vulnerability summary"
},
{
"category": "general",
"text": "The CVSS score(s) listed for this vulnerability do not reflect the associated product\u0027s status, and are included for informational purposes to better understand the severity of this vulnerability.",
"title": "CVSS score applicability"
}
],
"product_status": {
"fixed": [
"6Server-HighAvailability-6.7.z:pcs-0:0.9.139-9.el6_7.1.i686",
"6Server-HighAvailability-6.7.z:pcs-0:0.9.139-9.el6_7.1.src",
"6Server-HighAvailability-6.7.z:pcs-0:0.9.139-9.el6_7.1.x86_64",
"6Server-HighAvailability-6.7.z:pcs-debuginfo-0:0.9.139-9.el6_7.1.i686",
"6Server-HighAvailability-6.7.z:pcs-debuginfo-0:0.9.139-9.el6_7.1.x86_64",
"6Server-ResilientStorage-6.7.z:pcs-0:0.9.139-9.el6_7.1.i686",
"6Server-ResilientStorage-6.7.z:pcs-0:0.9.139-9.el6_7.1.src",
"6Server-ResilientStorage-6.7.z:pcs-0:0.9.139-9.el6_7.1.x86_64",
"6Server-ResilientStorage-6.7.z:pcs-debuginfo-0:0.9.139-9.el6_7.1.i686",
"6Server-ResilientStorage-6.7.z:pcs-debuginfo-0:0.9.139-9.el6_7.1.x86_64",
"7Server-HighAvailability-7.1.Z:pcs-0:0.9.137-13.el7_1.4.src",
"7Server-HighAvailability-7.1.Z:pcs-0:0.9.137-13.el7_1.4.x86_64",
"7Server-HighAvailability-7.1.Z:pcs-debuginfo-0:0.9.137-13.el7_1.4.x86_64",
"7Server-HighAvailability-7.1.Z:python-clufter-0:0.9.137-13.el7_1.4.x86_64",
"7Server-ResilientStorage-7.1.Z:pcs-0:0.9.137-13.el7_1.4.src",
"7Server-ResilientStorage-7.1.Z:pcs-0:0.9.137-13.el7_1.4.x86_64",
"7Server-ResilientStorage-7.1.Z:pcs-debuginfo-0:0.9.137-13.el7_1.4.x86_64",
"7Server-ResilientStorage-7.1.Z:python-clufter-0:0.9.137-13.el7_1.4.x86_64"
]
},
"references": [
{
"category": "self",
"summary": "Canonical URL",
"url": "https://access.redhat.com/security/cve/CVE-2015-5189"
},
{
"category": "external",
"summary": "RHBZ#1252805",
"url": "https://bugzilla.redhat.com/show_bug.cgi?id=1252805"
},
{
"category": "external",
"summary": "https://www.cve.org/CVERecord?id=CVE-2015-5189",
"url": "https://www.cve.org/CVERecord?id=CVE-2015-5189"
},
{
"category": "external",
"summary": "https://nvd.nist.gov/vuln/detail/CVE-2015-5189",
"url": "https://nvd.nist.gov/vuln/detail/CVE-2015-5189"
}
],
"release_date": "2015-09-01T00:00:00+00:00",
"remediations": [
{
"category": "vendor_fix",
"date": "2015-09-01T13:41:46+00:00",
"details": "Before applying this update, make sure all previously released errata\nrelevant to your system have been applied.\n\nFor details on how to apply this update, refer to:\n\nhttps://access.redhat.com/articles/11258",
"product_ids": [
"6Server-HighAvailability-6.7.z:pcs-0:0.9.139-9.el6_7.1.i686",
"6Server-HighAvailability-6.7.z:pcs-0:0.9.139-9.el6_7.1.src",
"6Server-HighAvailability-6.7.z:pcs-0:0.9.139-9.el6_7.1.x86_64",
"6Server-HighAvailability-6.7.z:pcs-debuginfo-0:0.9.139-9.el6_7.1.i686",
"6Server-HighAvailability-6.7.z:pcs-debuginfo-0:0.9.139-9.el6_7.1.x86_64",
"6Server-ResilientStorage-6.7.z:pcs-0:0.9.139-9.el6_7.1.i686",
"6Server-ResilientStorage-6.7.z:pcs-0:0.9.139-9.el6_7.1.src",
"6Server-ResilientStorage-6.7.z:pcs-0:0.9.139-9.el6_7.1.x86_64",
"6Server-ResilientStorage-6.7.z:pcs-debuginfo-0:0.9.139-9.el6_7.1.i686",
"6Server-ResilientStorage-6.7.z:pcs-debuginfo-0:0.9.139-9.el6_7.1.x86_64",
"7Server-HighAvailability-7.1.Z:pcs-0:0.9.137-13.el7_1.4.src",
"7Server-HighAvailability-7.1.Z:pcs-0:0.9.137-13.el7_1.4.x86_64",
"7Server-HighAvailability-7.1.Z:pcs-debuginfo-0:0.9.137-13.el7_1.4.x86_64",
"7Server-HighAvailability-7.1.Z:python-clufter-0:0.9.137-13.el7_1.4.x86_64",
"7Server-ResilientStorage-7.1.Z:pcs-0:0.9.137-13.el7_1.4.src",
"7Server-ResilientStorage-7.1.Z:pcs-0:0.9.137-13.el7_1.4.x86_64",
"7Server-ResilientStorage-7.1.Z:pcs-debuginfo-0:0.9.137-13.el7_1.4.x86_64",
"7Server-ResilientStorage-7.1.Z:python-clufter-0:0.9.137-13.el7_1.4.x86_64"
],
"restart_required": {
"category": "none"
},
"url": "https://access.redhat.com/errata/RHSA-2015:1700"
}
],
"scores": [
{
"cvss_v2": {
"accessComplexity": "MEDIUM",
"accessVector": "NETWORK",
"authentication": "SINGLE",
"availabilityImpact": "NONE",
"baseScore": 4.9,
"confidentialityImpact": "PARTIAL",
"integrityImpact": "PARTIAL",
"vectorString": "AV:N/AC:M/Au:S/C:P/I:P/A:N",
"version": "2.0"
},
"products": [
"6Server-HighAvailability-6.7.z:pcs-0:0.9.139-9.el6_7.1.i686",
"6Server-HighAvailability-6.7.z:pcs-0:0.9.139-9.el6_7.1.src",
"6Server-HighAvailability-6.7.z:pcs-0:0.9.139-9.el6_7.1.x86_64",
"6Server-HighAvailability-6.7.z:pcs-debuginfo-0:0.9.139-9.el6_7.1.i686",
"6Server-HighAvailability-6.7.z:pcs-debuginfo-0:0.9.139-9.el6_7.1.x86_64",
"6Server-ResilientStorage-6.7.z:pcs-0:0.9.139-9.el6_7.1.i686",
"6Server-ResilientStorage-6.7.z:pcs-0:0.9.139-9.el6_7.1.src",
"6Server-ResilientStorage-6.7.z:pcs-0:0.9.139-9.el6_7.1.x86_64",
"6Server-ResilientStorage-6.7.z:pcs-debuginfo-0:0.9.139-9.el6_7.1.i686",
"6Server-ResilientStorage-6.7.z:pcs-debuginfo-0:0.9.139-9.el6_7.1.x86_64",
"7Server-HighAvailability-7.1.Z:pcs-0:0.9.137-13.el7_1.4.src",
"7Server-HighAvailability-7.1.Z:pcs-0:0.9.137-13.el7_1.4.x86_64",
"7Server-HighAvailability-7.1.Z:pcs-debuginfo-0:0.9.137-13.el7_1.4.x86_64",
"7Server-HighAvailability-7.1.Z:python-clufter-0:0.9.137-13.el7_1.4.x86_64",
"7Server-ResilientStorage-7.1.Z:pcs-0:0.9.137-13.el7_1.4.src",
"7Server-ResilientStorage-7.1.Z:pcs-0:0.9.137-13.el7_1.4.x86_64",
"7Server-ResilientStorage-7.1.Z:pcs-debuginfo-0:0.9.137-13.el7_1.4.x86_64",
"7Server-ResilientStorage-7.1.Z:python-clufter-0:0.9.137-13.el7_1.4.x86_64"
]
}
],
"threats": [
{
"category": "impact",
"details": "Moderate"
}
],
"title": "pcs: Incorrect authorization when using pcs web UI"
},
{
"acknowledgments": [
{
"names": [
"Tom\u00e1\u0161 Jel\u00ednek"
],
"organization": "Red Hat",
"summary": "This issue was discovered by Red Hat."
}
],
"cve": "CVE-2015-5190",
"cwe": {
"id": "CWE-77",
"name": "Improper Neutralization of Special Elements used in a Command (\u0027Command Injection\u0027)"
},
"discovery_date": "2015-08-11T00:00:00+00:00",
"ids": [
{
"system_name": "Red Hat Bugzilla ID",
"text": "1252813"
}
],
"notes": [
{
"category": "description",
"text": "A command injection flaw was found in the pcsd web UI. An attacker able to trick a victim that was logged in to the pcsd web UI into visiting a specially crafted URL could use this flaw to execute arbitrary code with root privileges on the server hosting the web UI.",
"title": "Vulnerability description"
},
{
"category": "summary",
"text": "pcs: Command injection with root privileges.",
"title": "Vulnerability summary"
},
{
"category": "general",
"text": "The CVSS score(s) listed for this vulnerability do not reflect the associated product\u0027s status, and are included for informational purposes to better understand the severity of this vulnerability.",
"title": "CVSS score applicability"
}
],
"product_status": {
"fixed": [
"6Server-HighAvailability-6.7.z:pcs-0:0.9.139-9.el6_7.1.i686",
"6Server-HighAvailability-6.7.z:pcs-0:0.9.139-9.el6_7.1.src",
"6Server-HighAvailability-6.7.z:pcs-0:0.9.139-9.el6_7.1.x86_64",
"6Server-HighAvailability-6.7.z:pcs-debuginfo-0:0.9.139-9.el6_7.1.i686",
"6Server-HighAvailability-6.7.z:pcs-debuginfo-0:0.9.139-9.el6_7.1.x86_64",
"6Server-ResilientStorage-6.7.z:pcs-0:0.9.139-9.el6_7.1.i686",
"6Server-ResilientStorage-6.7.z:pcs-0:0.9.139-9.el6_7.1.src",
"6Server-ResilientStorage-6.7.z:pcs-0:0.9.139-9.el6_7.1.x86_64",
"6Server-ResilientStorage-6.7.z:pcs-debuginfo-0:0.9.139-9.el6_7.1.i686",
"6Server-ResilientStorage-6.7.z:pcs-debuginfo-0:0.9.139-9.el6_7.1.x86_64",
"7Server-HighAvailability-7.1.Z:pcs-0:0.9.137-13.el7_1.4.src",
"7Server-HighAvailability-7.1.Z:pcs-0:0.9.137-13.el7_1.4.x86_64",
"7Server-HighAvailability-7.1.Z:pcs-debuginfo-0:0.9.137-13.el7_1.4.x86_64",
"7Server-HighAvailability-7.1.Z:python-clufter-0:0.9.137-13.el7_1.4.x86_64",
"7Server-ResilientStorage-7.1.Z:pcs-0:0.9.137-13.el7_1.4.src",
"7Server-ResilientStorage-7.1.Z:pcs-0:0.9.137-13.el7_1.4.x86_64",
"7Server-ResilientStorage-7.1.Z:pcs-debuginfo-0:0.9.137-13.el7_1.4.x86_64",
"7Server-ResilientStorage-7.1.Z:python-clufter-0:0.9.137-13.el7_1.4.x86_64"
]
},
"references": [
{
"category": "self",
"summary": "Canonical URL",
"url": "https://access.redhat.com/security/cve/CVE-2015-5190"
},
{
"category": "external",
"summary": "RHBZ#1252813",
"url": "https://bugzilla.redhat.com/show_bug.cgi?id=1252813"
},
{
"category": "external",
"summary": "https://www.cve.org/CVERecord?id=CVE-2015-5190",
"url": "https://www.cve.org/CVERecord?id=CVE-2015-5190"
},
{
"category": "external",
"summary": "https://nvd.nist.gov/vuln/detail/CVE-2015-5190",
"url": "https://nvd.nist.gov/vuln/detail/CVE-2015-5190"
}
],
"release_date": "2015-09-01T00:00:00+00:00",
"remediations": [
{
"category": "vendor_fix",
"date": "2015-09-01T13:41:46+00:00",
"details": "Before applying this update, make sure all previously released errata\nrelevant to your system have been applied.\n\nFor details on how to apply this update, refer to:\n\nhttps://access.redhat.com/articles/11258",
"product_ids": [
"6Server-HighAvailability-6.7.z:pcs-0:0.9.139-9.el6_7.1.i686",
"6Server-HighAvailability-6.7.z:pcs-0:0.9.139-9.el6_7.1.src",
"6Server-HighAvailability-6.7.z:pcs-0:0.9.139-9.el6_7.1.x86_64",
"6Server-HighAvailability-6.7.z:pcs-debuginfo-0:0.9.139-9.el6_7.1.i686",
"6Server-HighAvailability-6.7.z:pcs-debuginfo-0:0.9.139-9.el6_7.1.x86_64",
"6Server-ResilientStorage-6.7.z:pcs-0:0.9.139-9.el6_7.1.i686",
"6Server-ResilientStorage-6.7.z:pcs-0:0.9.139-9.el6_7.1.src",
"6Server-ResilientStorage-6.7.z:pcs-0:0.9.139-9.el6_7.1.x86_64",
"6Server-ResilientStorage-6.7.z:pcs-debuginfo-0:0.9.139-9.el6_7.1.i686",
"6Server-ResilientStorage-6.7.z:pcs-debuginfo-0:0.9.139-9.el6_7.1.x86_64",
"7Server-HighAvailability-7.1.Z:pcs-0:0.9.137-13.el7_1.4.src",
"7Server-HighAvailability-7.1.Z:pcs-0:0.9.137-13.el7_1.4.x86_64",
"7Server-HighAvailability-7.1.Z:pcs-debuginfo-0:0.9.137-13.el7_1.4.x86_64",
"7Server-HighAvailability-7.1.Z:python-clufter-0:0.9.137-13.el7_1.4.x86_64",
"7Server-ResilientStorage-7.1.Z:pcs-0:0.9.137-13.el7_1.4.src",
"7Server-ResilientStorage-7.1.Z:pcs-0:0.9.137-13.el7_1.4.x86_64",
"7Server-ResilientStorage-7.1.Z:pcs-debuginfo-0:0.9.137-13.el7_1.4.x86_64",
"7Server-ResilientStorage-7.1.Z:python-clufter-0:0.9.137-13.el7_1.4.x86_64"
],
"restart_required": {
"category": "none"
},
"url": "https://access.redhat.com/errata/RHSA-2015:1700"
}
],
"scores": [
{
"cvss_v2": {
"accessComplexity": "MEDIUM",
"accessVector": "NETWORK",
"authentication": "NONE",
"availabilityImpact": "COMPLETE",
"baseScore": 9.3,
"confidentialityImpact": "COMPLETE",
"integrityImpact": "COMPLETE",
"vectorString": "AV:N/AC:M/Au:N/C:C/I:C/A:C",
"version": "2.0"
},
"products": [
"6Server-HighAvailability-6.7.z:pcs-0:0.9.139-9.el6_7.1.i686",
"6Server-HighAvailability-6.7.z:pcs-0:0.9.139-9.el6_7.1.src",
"6Server-HighAvailability-6.7.z:pcs-0:0.9.139-9.el6_7.1.x86_64",
"6Server-HighAvailability-6.7.z:pcs-debuginfo-0:0.9.139-9.el6_7.1.i686",
"6Server-HighAvailability-6.7.z:pcs-debuginfo-0:0.9.139-9.el6_7.1.x86_64",
"6Server-ResilientStorage-6.7.z:pcs-0:0.9.139-9.el6_7.1.i686",
"6Server-ResilientStorage-6.7.z:pcs-0:0.9.139-9.el6_7.1.src",
"6Server-ResilientStorage-6.7.z:pcs-0:0.9.139-9.el6_7.1.x86_64",
"6Server-ResilientStorage-6.7.z:pcs-debuginfo-0:0.9.139-9.el6_7.1.i686",
"6Server-ResilientStorage-6.7.z:pcs-debuginfo-0:0.9.139-9.el6_7.1.x86_64",
"7Server-HighAvailability-7.1.Z:pcs-0:0.9.137-13.el7_1.4.src",
"7Server-HighAvailability-7.1.Z:pcs-0:0.9.137-13.el7_1.4.x86_64",
"7Server-HighAvailability-7.1.Z:pcs-debuginfo-0:0.9.137-13.el7_1.4.x86_64",
"7Server-HighAvailability-7.1.Z:python-clufter-0:0.9.137-13.el7_1.4.x86_64",
"7Server-ResilientStorage-7.1.Z:pcs-0:0.9.137-13.el7_1.4.src",
"7Server-ResilientStorage-7.1.Z:pcs-0:0.9.137-13.el7_1.4.x86_64",
"7Server-ResilientStorage-7.1.Z:pcs-debuginfo-0:0.9.137-13.el7_1.4.x86_64",
"7Server-ResilientStorage-7.1.Z:python-clufter-0:0.9.137-13.el7_1.4.x86_64"
]
}
],
"threats": [
{
"category": "impact",
"details": "Important"
}
],
"title": "pcs: Command injection with root privileges."
}
]
}
RHSA-2015:1700
Vulnerability from csaf_redhat - Published: 2015-09-01 13:41 - Updated: 2025-11-21 17:53
Summary
Red Hat Security Advisory: pcs security update
Notes
Topic
Updated pcs packages that fix two security issues are now available for Red
Hat Enterprise Linux 6 and 7.
Red Hat Product Security has rated this update as having Important security
impact. Common Vulnerability Scoring System (CVSS) base scores, which give
detailed severity ratings, are available for each vulnerability from the
CVE links in the References section.
Details
The pcs packages provide a command-line configuration system for the
Pacemaker and Corosync utilities.
A command injection flaw was found in the pcsd web UI. An attacker able to
trick a victim that was logged in to the pcsd web UI into visiting a
specially crafted URL could use this flaw to execute arbitrary code with
root privileges on the server hosting the web UI. (CVE-2015-5190)
A race condition was found in the way the pcsd web UI backend performed
authorization of user requests. An attacker could use this flaw to send a
request that would be evaluated as originating from a different user,
potentially allowing the attacker to perform actions with permissions of a
more privileged user. (CVE-2015-5189)
These issues were discovered by Tomáš Jelínek of Red Hat.
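All pcs users are advised to upgrade to these updated packages, which
contain backported patches to correct these issues. The fixed builds listed
in the CSAF record below are pcs-0:0.9.139-9.el6_7.1 for Red Hat Enterprise
Linux 6 and pcs-0:0.9.137-13.el7_1.4 for Red Hat Enterprise Linux 7; because
the fixes are backported, confirm remediation by the installed package release
rather than by comparing against the upstream pcs version number.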
Terms of Use
This content is licensed under the Creative Commons Attribution 4.0 International License (https://creativecommons.org/licenses/by/4.0/). If you distribute this content, or a modified version of it, you must provide attribution to Red Hat Inc. and provide a link to the original.
{
"document": {
"aggregate_severity": {
"namespace": "https://access.redhat.com/security/updates/classification/",
"text": "Important"
},
"category": "csaf_security_advisory",
"csaf_version": "2.0",
"distribution": {
"text": "Copyright \u00a9 Red Hat, Inc. All rights reserved.",
"tlp": {
"label": "WHITE",
"url": "https://www.first.org/tlp/"
}
},
"lang": "en",
"notes": [
{
"category": "summary",
"text": "Updated pcs packages that fix two security issues are now available for Red\nHat Enterprise Linux 6 and 7.\n\nRed Hat Product Security has rated this update as having Important security\nimpact. Common Vulnerability Scoring System (CVSS) base scores, which give\ndetailed severity ratings, are available for each vulnerability from the\nCVE links in the References section.",
"title": "Topic"
},
{
"category": "general",
"text": "The pcs packages provide a command-line configuration system for the\nPacemaker and Corosync utilities.\n\nA command injection flaw was found in the pcsd web UI. An attacker able to\ntrick a victim that was logged in to the pcsd web UI into visiting a\nspecially crafted URL could use this flaw to execute arbitrary code with\nroot privileges on the server hosting the web UI. (CVE-2015-5190)\n\nA race condition was found in the way the pcsd web UI backend performed\nauthorization of user requests. An attacker could use this flaw to send a\nrequest that would be evaluated as originating from a different user,\npotentially allowing the attacker to perform actions with permissions of a\nmore privileged user. (CVE-2015-5189)\n\nThese issues were discovered by Tom\u00e1\u0161 Jel\u00ednek of Red Hat.\n\nAll pcs users are advised to upgrade to these updated packages, which\ncontain backported patches to correct these issues.",
"title": "Details"
},
{
"category": "legal_disclaimer",
"text": "This content is licensed under the Creative Commons Attribution 4.0 International License (https://creativecommons.org/licenses/by/4.0/). If you distribute this content, or a modified version of it, you must provide attribution to Red Hat Inc. and provide a link to the original.",
"title": "Terms of Use"
}
],
"publisher": {
"category": "vendor",
"contact_details": "https://access.redhat.com/security/team/contact/",
"issuing_authority": "Red Hat Product Security is responsible for vulnerability handling across all Red Hat products and services.",
"name": "Red Hat Product Security",
"namespace": "https://www.redhat.com"
},
"references": [
{
"category": "self",
"summary": "https://access.redhat.com/errata/RHSA-2015:1700",
"url": "https://access.redhat.com/errata/RHSA-2015:1700"
},
{
"category": "external",
"summary": "https://access.redhat.com/security/updates/classification/#important",
"url": "https://access.redhat.com/security/updates/classification/#important"
},
{
"category": "external",
"summary": "1252805",
"url": "https://bugzilla.redhat.com/show_bug.cgi?id=1252805"
},
{
"category": "external",
"summary": "1252813",
"url": "https://bugzilla.redhat.com/show_bug.cgi?id=1252813"
},
{
"category": "self",
"summary": "Canonical URL",
"url": "https://security.access.redhat.com/data/csaf/v2/advisories/2015/rhsa-2015_1700.json"
}
],
"title": "Red Hat Security Advisory: pcs security update",
"tracking": {
"current_release_date": "2025-11-21T17:53:28+00:00",
"generator": {
"date": "2025-11-21T17:53:28+00:00",
"engine": {
"name": "Red Hat SDEngine",
"version": "4.6.12"
}
},
"id": "RHSA-2015:1700",
"initial_release_date": "2015-09-01T13:41:46+00:00",
"revision_history": [
{
"date": "2015-09-01T13:41:46+00:00",
"number": "1",
"summary": "Initial version"
},
{
"date": "2015-09-01T13:41:46+00:00",
"number": "2",
"summary": "Last updated version"
},
{
"date": "2025-11-21T17:53:28+00:00",
"number": "3",
"summary": "Last generated version"
}
],
"status": "final",
"version": "3"
}
},
"product_tree": {
"branches": [
{
"branches": [
{
"branches": [
{
"category": "product_name",
"name": "Red Hat Enterprise Linux High Availability (v. 6)",
"product": {
"name": "Red Hat Enterprise Linux High Availability (v. 6)",
"product_id": "6Server-HighAvailability-6.7.z",
"product_identification_helper": {
"cpe": "cpe:/o:redhat:enterprise_linux:6::server"
}
}
},
{
"category": "product_name",
"name": "Red Hat Enterprise Linux Resilient Storage (v. 6)",
"product": {
"name": "Red Hat Enterprise Linux Resilient Storage (v. 6)",
"product_id": "6Server-ResilientStorage-6.7.z",
"product_identification_helper": {
"cpe": "cpe:/o:redhat:enterprise_linux:6::server"
}
}
},
{
"category": "product_name",
"name": "Red Hat Enterprise Linux Server High Availability (v. 7)",
"product": {
"name": "Red Hat Enterprise Linux Server High Availability (v. 7)",
"product_id": "7Server-HighAvailability-7.1.Z",
"product_identification_helper": {
"cpe": "cpe:/o:redhat:enterprise_linux:7::server"
}
}
},
{
"category": "product_name",
"name": "Red Hat Enterprise Linux Server Resilient Storage (v. 7)",
"product": {
"name": "Red Hat Enterprise Linux Server Resilient Storage (v. 7)",
"product_id": "7Server-ResilientStorage-7.1.Z",
"product_identification_helper": {
"cpe": "cpe:/o:redhat:enterprise_linux:7::server"
}
}
}
],
"category": "product_family",
"name": "Red Hat Enterprise Linux"
},
{
"branches": [
{
"category": "product_version",
"name": "pcs-0:0.9.139-9.el6_7.1.x86_64",
"product": {
"name": "pcs-0:0.9.139-9.el6_7.1.x86_64",
"product_id": "pcs-0:0.9.139-9.el6_7.1.x86_64",
"product_identification_helper": {
"purl": "pkg:rpm/redhat/pcs@0.9.139-9.el6_7.1?arch=x86_64"
}
}
},
{
"category": "product_version",
"name": "pcs-debuginfo-0:0.9.139-9.el6_7.1.x86_64",
"product": {
"name": "pcs-debuginfo-0:0.9.139-9.el6_7.1.x86_64",
"product_id": "pcs-debuginfo-0:0.9.139-9.el6_7.1.x86_64",
"product_identification_helper": {
"purl": "pkg:rpm/redhat/pcs-debuginfo@0.9.139-9.el6_7.1?arch=x86_64"
}
}
},
{
"category": "product_version",
"name": "pcs-debuginfo-0:0.9.137-13.el7_1.4.x86_64",
"product": {
"name": "pcs-debuginfo-0:0.9.137-13.el7_1.4.x86_64",
"product_id": "pcs-debuginfo-0:0.9.137-13.el7_1.4.x86_64",
"product_identification_helper": {
"purl": "pkg:rpm/redhat/pcs-debuginfo@0.9.137-13.el7_1.4?arch=x86_64"
}
}
},
{
"category": "product_version",
"name": "python-clufter-0:0.9.137-13.el7_1.4.x86_64",
"product": {
"name": "python-clufter-0:0.9.137-13.el7_1.4.x86_64",
"product_id": "python-clufter-0:0.9.137-13.el7_1.4.x86_64",
"product_identification_helper": {
"purl": "pkg:rpm/redhat/python-clufter@0.9.137-13.el7_1.4?arch=x86_64"
}
}
},
{
"category": "product_version",
"name": "pcs-0:0.9.137-13.el7_1.4.x86_64",
"product": {
"name": "pcs-0:0.9.137-13.el7_1.4.x86_64",
"product_id": "pcs-0:0.9.137-13.el7_1.4.x86_64",
"product_identification_helper": {
"purl": "pkg:rpm/redhat/pcs@0.9.137-13.el7_1.4?arch=x86_64"
}
}
}
],
"category": "architecture",
"name": "x86_64"
},
{
"branches": [
{
"category": "product_version",
"name": "pcs-0:0.9.139-9.el6_7.1.src",
"product": {
"name": "pcs-0:0.9.139-9.el6_7.1.src",
"product_id": "pcs-0:0.9.139-9.el6_7.1.src",
"product_identification_helper": {
"purl": "pkg:rpm/redhat/pcs@0.9.139-9.el6_7.1?arch=src"
}
}
},
{
"category": "product_version",
"name": "pcs-0:0.9.137-13.el7_1.4.src",
"product": {
"name": "pcs-0:0.9.137-13.el7_1.4.src",
"product_id": "pcs-0:0.9.137-13.el7_1.4.src",
"product_identification_helper": {
"purl": "pkg:rpm/redhat/pcs@0.9.137-13.el7_1.4?arch=src"
}
}
}
],
"category": "architecture",
"name": "src"
},
{
"branches": [
{
"category": "product_version",
"name": "pcs-debuginfo-0:0.9.139-9.el6_7.1.i686",
"product": {
"name": "pcs-debuginfo-0:0.9.139-9.el6_7.1.i686",
"product_id": "pcs-debuginfo-0:0.9.139-9.el6_7.1.i686",
"product_identification_helper": {
"purl": "pkg:rpm/redhat/pcs-debuginfo@0.9.139-9.el6_7.1?arch=i686"
}
}
},
{
"category": "product_version",
"name": "pcs-0:0.9.139-9.el6_7.1.i686",
"product": {
"name": "pcs-0:0.9.139-9.el6_7.1.i686",
"product_id": "pcs-0:0.9.139-9.el6_7.1.i686",
"product_identification_helper": {
"purl": "pkg:rpm/redhat/pcs@0.9.139-9.el6_7.1?arch=i686"
}
}
}
],
"category": "architecture",
"name": "i686"
}
],
"category": "vendor",
"name": "Red Hat"
}
],
"relationships": [
{
"category": "default_component_of",
"full_product_name": {
"name": "pcs-0:0.9.139-9.el6_7.1.i686 as a component of Red Hat Enterprise Linux High Availability (v. 6)",
"product_id": "6Server-HighAvailability-6.7.z:pcs-0:0.9.139-9.el6_7.1.i686"
},
"product_reference": "pcs-0:0.9.139-9.el6_7.1.i686",
"relates_to_product_reference": "6Server-HighAvailability-6.7.z"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "pcs-0:0.9.139-9.el6_7.1.src as a component of Red Hat Enterprise Linux High Availability (v. 6)",
"product_id": "6Server-HighAvailability-6.7.z:pcs-0:0.9.139-9.el6_7.1.src"
},
"product_reference": "pcs-0:0.9.139-9.el6_7.1.src",
"relates_to_product_reference": "6Server-HighAvailability-6.7.z"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "pcs-0:0.9.139-9.el6_7.1.x86_64 as a component of Red Hat Enterprise Linux High Availability (v. 6)",
"product_id": "6Server-HighAvailability-6.7.z:pcs-0:0.9.139-9.el6_7.1.x86_64"
},
"product_reference": "pcs-0:0.9.139-9.el6_7.1.x86_64",
"relates_to_product_reference": "6Server-HighAvailability-6.7.z"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "pcs-debuginfo-0:0.9.139-9.el6_7.1.i686 as a component of Red Hat Enterprise Linux High Availability (v. 6)",
"product_id": "6Server-HighAvailability-6.7.z:pcs-debuginfo-0:0.9.139-9.el6_7.1.i686"
},
"product_reference": "pcs-debuginfo-0:0.9.139-9.el6_7.1.i686",
"relates_to_product_reference": "6Server-HighAvailability-6.7.z"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "pcs-debuginfo-0:0.9.139-9.el6_7.1.x86_64 as a component of Red Hat Enterprise Linux High Availability (v. 6)",
"product_id": "6Server-HighAvailability-6.7.z:pcs-debuginfo-0:0.9.139-9.el6_7.1.x86_64"
},
"product_reference": "pcs-debuginfo-0:0.9.139-9.el6_7.1.x86_64",
"relates_to_product_reference": "6Server-HighAvailability-6.7.z"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "pcs-0:0.9.139-9.el6_7.1.i686 as a component of Red Hat Enterprise Linux Resilient Storage (v. 6)",
"product_id": "6Server-ResilientStorage-6.7.z:pcs-0:0.9.139-9.el6_7.1.i686"
},
"product_reference": "pcs-0:0.9.139-9.el6_7.1.i686",
"relates_to_product_reference": "6Server-ResilientStorage-6.7.z"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "pcs-0:0.9.139-9.el6_7.1.src as a component of Red Hat Enterprise Linux Resilient Storage (v. 6)",
"product_id": "6Server-ResilientStorage-6.7.z:pcs-0:0.9.139-9.el6_7.1.src"
},
"product_reference": "pcs-0:0.9.139-9.el6_7.1.src",
"relates_to_product_reference": "6Server-ResilientStorage-6.7.z"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "pcs-0:0.9.139-9.el6_7.1.x86_64 as a component of Red Hat Enterprise Linux Resilient Storage (v. 6)",
"product_id": "6Server-ResilientStorage-6.7.z:pcs-0:0.9.139-9.el6_7.1.x86_64"
},
"product_reference": "pcs-0:0.9.139-9.el6_7.1.x86_64",
"relates_to_product_reference": "6Server-ResilientStorage-6.7.z"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "pcs-debuginfo-0:0.9.139-9.el6_7.1.i686 as a component of Red Hat Enterprise Linux Resilient Storage (v. 6)",
"product_id": "6Server-ResilientStorage-6.7.z:pcs-debuginfo-0:0.9.139-9.el6_7.1.i686"
},
"product_reference": "pcs-debuginfo-0:0.9.139-9.el6_7.1.i686",
"relates_to_product_reference": "6Server-ResilientStorage-6.7.z"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "pcs-debuginfo-0:0.9.139-9.el6_7.1.x86_64 as a component of Red Hat Enterprise Linux Resilient Storage (v. 6)",
"product_id": "6Server-ResilientStorage-6.7.z:pcs-debuginfo-0:0.9.139-9.el6_7.1.x86_64"
},
"product_reference": "pcs-debuginfo-0:0.9.139-9.el6_7.1.x86_64",
"relates_to_product_reference": "6Server-ResilientStorage-6.7.z"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "pcs-0:0.9.137-13.el7_1.4.src as a component of Red Hat Enterprise Linux Server High Availability (v. 7)",
"product_id": "7Server-HighAvailability-7.1.Z:pcs-0:0.9.137-13.el7_1.4.src"
},
"product_reference": "pcs-0:0.9.137-13.el7_1.4.src",
"relates_to_product_reference": "7Server-HighAvailability-7.1.Z"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "pcs-0:0.9.137-13.el7_1.4.x86_64 as a component of Red Hat Enterprise Linux Server High Availability (v. 7)",
"product_id": "7Server-HighAvailability-7.1.Z:pcs-0:0.9.137-13.el7_1.4.x86_64"
},
"product_reference": "pcs-0:0.9.137-13.el7_1.4.x86_64",
"relates_to_product_reference": "7Server-HighAvailability-7.1.Z"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "pcs-debuginfo-0:0.9.137-13.el7_1.4.x86_64 as a component of Red Hat Enterprise Linux Server High Availability (v. 7)",
"product_id": "7Server-HighAvailability-7.1.Z:pcs-debuginfo-0:0.9.137-13.el7_1.4.x86_64"
},
"product_reference": "pcs-debuginfo-0:0.9.137-13.el7_1.4.x86_64",
"relates_to_product_reference": "7Server-HighAvailability-7.1.Z"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "python-clufter-0:0.9.137-13.el7_1.4.x86_64 as a component of Red Hat Enterprise Linux Server High Availability (v. 7)",
"product_id": "7Server-HighAvailability-7.1.Z:python-clufter-0:0.9.137-13.el7_1.4.x86_64"
},
"product_reference": "python-clufter-0:0.9.137-13.el7_1.4.x86_64",
"relates_to_product_reference": "7Server-HighAvailability-7.1.Z"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "pcs-0:0.9.137-13.el7_1.4.src as a component of Red Hat Enterprise Linux Server Resilient Storage (v. 7)",
"product_id": "7Server-ResilientStorage-7.1.Z:pcs-0:0.9.137-13.el7_1.4.src"
},
"product_reference": "pcs-0:0.9.137-13.el7_1.4.src",
"relates_to_product_reference": "7Server-ResilientStorage-7.1.Z"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "pcs-0:0.9.137-13.el7_1.4.x86_64 as a component of Red Hat Enterprise Linux Server Resilient Storage (v. 7)",
"product_id": "7Server-ResilientStorage-7.1.Z:pcs-0:0.9.137-13.el7_1.4.x86_64"
},
"product_reference": "pcs-0:0.9.137-13.el7_1.4.x86_64",
"relates_to_product_reference": "7Server-ResilientStorage-7.1.Z"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "pcs-debuginfo-0:0.9.137-13.el7_1.4.x86_64 as a component of Red Hat Enterprise Linux Server Resilient Storage (v. 7)",
"product_id": "7Server-ResilientStorage-7.1.Z:pcs-debuginfo-0:0.9.137-13.el7_1.4.x86_64"
},
"product_reference": "pcs-debuginfo-0:0.9.137-13.el7_1.4.x86_64",
"relates_to_product_reference": "7Server-ResilientStorage-7.1.Z"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "python-clufter-0:0.9.137-13.el7_1.4.x86_64 as a component of Red Hat Enterprise Linux Server Resilient Storage (v. 7)",
"product_id": "7Server-ResilientStorage-7.1.Z:python-clufter-0:0.9.137-13.el7_1.4.x86_64"
},
"product_reference": "python-clufter-0:0.9.137-13.el7_1.4.x86_64",
"relates_to_product_reference": "7Server-ResilientStorage-7.1.Z"
}
]
},
"vulnerabilities": [
{
"acknowledgments": [
{
"names": [
"Tom\u00e1\u0161 Jel\u00ednek"
],
"organization": "Red Hat",
"summary": "This issue was discovered by Red Hat."
}
],
"cve": "CVE-2015-5189",
"cwe": {
"id": "CWE-863",
"name": "Incorrect Authorization"
},
"discovery_date": "2015-08-11T00:00:00+00:00",
"ids": [
{
"system_name": "Red Hat Bugzilla ID",
"text": "1252805"
}
],
"notes": [
{
"category": "description",
"text": "A race condition was found in the way the pcsd web UI backend performed authorization of user requests. An attacker could use this flaw to send a request that would be evaluated as originating from a different user, potentially allowing the attacker to perform actions with permissions of a more privileged user.",
"title": "Vulnerability description"
},
{
"category": "summary",
"text": "pcs: Incorrect authorization when using pcs web UI",
"title": "Vulnerability summary"
},
{
"category": "general",
"text": "The CVSS score(s) listed for this vulnerability do not reflect the associated product\u0027s status, and are included for informational purposes to better understand the severity of this vulnerability.",
"title": "CVSS score applicability"
}
],
"product_status": {
"fixed": [
"6Server-HighAvailability-6.7.z:pcs-0:0.9.139-9.el6_7.1.i686",
"6Server-HighAvailability-6.7.z:pcs-0:0.9.139-9.el6_7.1.src",
"6Server-HighAvailability-6.7.z:pcs-0:0.9.139-9.el6_7.1.x86_64",
"6Server-HighAvailability-6.7.z:pcs-debuginfo-0:0.9.139-9.el6_7.1.i686",
"6Server-HighAvailability-6.7.z:pcs-debuginfo-0:0.9.139-9.el6_7.1.x86_64",
"6Server-ResilientStorage-6.7.z:pcs-0:0.9.139-9.el6_7.1.i686",
"6Server-ResilientStorage-6.7.z:pcs-0:0.9.139-9.el6_7.1.src",
"6Server-ResilientStorage-6.7.z:pcs-0:0.9.139-9.el6_7.1.x86_64",
"6Server-ResilientStorage-6.7.z:pcs-debuginfo-0:0.9.139-9.el6_7.1.i686",
"6Server-ResilientStorage-6.7.z:pcs-debuginfo-0:0.9.139-9.el6_7.1.x86_64",
"7Server-HighAvailability-7.1.Z:pcs-0:0.9.137-13.el7_1.4.src",
"7Server-HighAvailability-7.1.Z:pcs-0:0.9.137-13.el7_1.4.x86_64",
"7Server-HighAvailability-7.1.Z:pcs-debuginfo-0:0.9.137-13.el7_1.4.x86_64",
"7Server-HighAvailability-7.1.Z:python-clufter-0:0.9.137-13.el7_1.4.x86_64",
"7Server-ResilientStorage-7.1.Z:pcs-0:0.9.137-13.el7_1.4.src",
"7Server-ResilientStorage-7.1.Z:pcs-0:0.9.137-13.el7_1.4.x86_64",
"7Server-ResilientStorage-7.1.Z:pcs-debuginfo-0:0.9.137-13.el7_1.4.x86_64",
"7Server-ResilientStorage-7.1.Z:python-clufter-0:0.9.137-13.el7_1.4.x86_64"
]
},
"references": [
{
"category": "self",
"summary": "Canonical URL",
"url": "https://access.redhat.com/security/cve/CVE-2015-5189"
},
{
"category": "external",
"summary": "RHBZ#1252805",
"url": "https://bugzilla.redhat.com/show_bug.cgi?id=1252805"
},
{
"category": "external",
"summary": "https://www.cve.org/CVERecord?id=CVE-2015-5189",
"url": "https://www.cve.org/CVERecord?id=CVE-2015-5189"
},
{
"category": "external",
"summary": "https://nvd.nist.gov/vuln/detail/CVE-2015-5189",
"url": "https://nvd.nist.gov/vuln/detail/CVE-2015-5189"
}
],
"release_date": "2015-09-01T00:00:00+00:00",
"remediations": [
{
"category": "vendor_fix",
"date": "2015-09-01T13:41:46+00:00",
"details": "Before applying this update, make sure all previously released errata\nrelevant to your system have been applied.\n\nFor details on how to apply this update, refer to:\n\nhttps://access.redhat.com/articles/11258",
"product_ids": [
"6Server-HighAvailability-6.7.z:pcs-0:0.9.139-9.el6_7.1.i686",
"6Server-HighAvailability-6.7.z:pcs-0:0.9.139-9.el6_7.1.src",
"6Server-HighAvailability-6.7.z:pcs-0:0.9.139-9.el6_7.1.x86_64",
"6Server-HighAvailability-6.7.z:pcs-debuginfo-0:0.9.139-9.el6_7.1.i686",
"6Server-HighAvailability-6.7.z:pcs-debuginfo-0:0.9.139-9.el6_7.1.x86_64",
"6Server-ResilientStorage-6.7.z:pcs-0:0.9.139-9.el6_7.1.i686",
"6Server-ResilientStorage-6.7.z:pcs-0:0.9.139-9.el6_7.1.src",
"6Server-ResilientStorage-6.7.z:pcs-0:0.9.139-9.el6_7.1.x86_64",
"6Server-ResilientStorage-6.7.z:pcs-debuginfo-0:0.9.139-9.el6_7.1.i686",
"6Server-ResilientStorage-6.7.z:pcs-debuginfo-0:0.9.139-9.el6_7.1.x86_64",
"7Server-HighAvailability-7.1.Z:pcs-0:0.9.137-13.el7_1.4.src",
"7Server-HighAvailability-7.1.Z:pcs-0:0.9.137-13.el7_1.4.x86_64",
"7Server-HighAvailability-7.1.Z:pcs-debuginfo-0:0.9.137-13.el7_1.4.x86_64",
"7Server-HighAvailability-7.1.Z:python-clufter-0:0.9.137-13.el7_1.4.x86_64",
"7Server-ResilientStorage-7.1.Z:pcs-0:0.9.137-13.el7_1.4.src",
"7Server-ResilientStorage-7.1.Z:pcs-0:0.9.137-13.el7_1.4.x86_64",
"7Server-ResilientStorage-7.1.Z:pcs-debuginfo-0:0.9.137-13.el7_1.4.x86_64",
"7Server-ResilientStorage-7.1.Z:python-clufter-0:0.9.137-13.el7_1.4.x86_64"
],
"restart_required": {
"category": "none"
},
"url": "https://access.redhat.com/errata/RHSA-2015:1700"
}
],
"scores": [
{
"cvss_v2": {
"accessComplexity": "MEDIUM",
"accessVector": "NETWORK",
"authentication": "SINGLE",
"availabilityImpact": "NONE",
"baseScore": 4.9,
"confidentialityImpact": "PARTIAL",
"integrityImpact": "PARTIAL",
"vectorString": "AV:N/AC:M/Au:S/C:P/I:P/A:N",
"version": "2.0"
},
"products": [
"6Server-HighAvailability-6.7.z:pcs-0:0.9.139-9.el6_7.1.i686",
"6Server-HighAvailability-6.7.z:pcs-0:0.9.139-9.el6_7.1.src",
"6Server-HighAvailability-6.7.z:pcs-0:0.9.139-9.el6_7.1.x86_64",
"6Server-HighAvailability-6.7.z:pcs-debuginfo-0:0.9.139-9.el6_7.1.i686",
"6Server-HighAvailability-6.7.z:pcs-debuginfo-0:0.9.139-9.el6_7.1.x86_64",
"6Server-ResilientStorage-6.7.z:pcs-0:0.9.139-9.el6_7.1.i686",
"6Server-ResilientStorage-6.7.z:pcs-0:0.9.139-9.el6_7.1.src",
"6Server-ResilientStorage-6.7.z:pcs-0:0.9.139-9.el6_7.1.x86_64",
"6Server-ResilientStorage-6.7.z:pcs-debuginfo-0:0.9.139-9.el6_7.1.i686",
"6Server-ResilientStorage-6.7.z:pcs-debuginfo-0:0.9.139-9.el6_7.1.x86_64",
"7Server-HighAvailability-7.1.Z:pcs-0:0.9.137-13.el7_1.4.src",
"7Server-HighAvailability-7.1.Z:pcs-0:0.9.137-13.el7_1.4.x86_64",
"7Server-HighAvailability-7.1.Z:pcs-debuginfo-0:0.9.137-13.el7_1.4.x86_64",
"7Server-HighAvailability-7.1.Z:python-clufter-0:0.9.137-13.el7_1.4.x86_64",
"7Server-ResilientStorage-7.1.Z:pcs-0:0.9.137-13.el7_1.4.src",
"7Server-ResilientStorage-7.1.Z:pcs-0:0.9.137-13.el7_1.4.x86_64",
"7Server-ResilientStorage-7.1.Z:pcs-debuginfo-0:0.9.137-13.el7_1.4.x86_64",
"7Server-ResilientStorage-7.1.Z:python-clufter-0:0.9.137-13.el7_1.4.x86_64"
]
}
],
"threats": [
{
"category": "impact",
"details": "Moderate"
}
],
"title": "pcs: Incorrect authorization when using pcs web UI"
},
{
"acknowledgments": [
{
"names": [
"Tom\u00e1\u0161 Jel\u00ednek"
],
"organization": "Red Hat",
"summary": "This issue was discovered by Red Hat."
}
],
"cve": "CVE-2015-5190",
"cwe": {
"id": "CWE-77",
"name": "Improper Neutralization of Special Elements used in a Command (\u0027Command Injection\u0027)"
},
"discovery_date": "2015-08-11T00:00:00+00:00",
"ids": [
{
"system_name": "Red Hat Bugzilla ID",
"text": "1252813"
}
],
"notes": [
{
"category": "description",
"text": "A command injection flaw was found in the pcsd web UI. An attacker able to trick a victim that was logged in to the pcsd web UI into visiting a specially crafted URL could use this flaw to execute arbitrary code with root privileges on the server hosting the web UI.",
"title": "Vulnerability description"
},
{
"category": "summary",
"text": "pcs: Command injection with root privileges.",
"title": "Vulnerability summary"
},
{
"category": "general",
"text": "The CVSS score(s) listed for this vulnerability do not reflect the associated product\u0027s status, and are included for informational purposes to better understand the severity of this vulnerability.",
"title": "CVSS score applicability"
}
],
"product_status": {
"fixed": [
"6Server-HighAvailability-6.7.z:pcs-0:0.9.139-9.el6_7.1.i686",
"6Server-HighAvailability-6.7.z:pcs-0:0.9.139-9.el6_7.1.src",
"6Server-HighAvailability-6.7.z:pcs-0:0.9.139-9.el6_7.1.x86_64",
"6Server-HighAvailability-6.7.z:pcs-debuginfo-0:0.9.139-9.el6_7.1.i686",
"6Server-HighAvailability-6.7.z:pcs-debuginfo-0:0.9.139-9.el6_7.1.x86_64",
"6Server-ResilientStorage-6.7.z:pcs-0:0.9.139-9.el6_7.1.i686",
"6Server-ResilientStorage-6.7.z:pcs-0:0.9.139-9.el6_7.1.src",
"6Server-ResilientStorage-6.7.z:pcs-0:0.9.139-9.el6_7.1.x86_64",
"6Server-ResilientStorage-6.7.z:pcs-debuginfo-0:0.9.139-9.el6_7.1.i686",
"6Server-ResilientStorage-6.7.z:pcs-debuginfo-0:0.9.139-9.el6_7.1.x86_64",
"7Server-HighAvailability-7.1.Z:pcs-0:0.9.137-13.el7_1.4.src",
"7Server-HighAvailability-7.1.Z:pcs-0:0.9.137-13.el7_1.4.x86_64",
"7Server-HighAvailability-7.1.Z:pcs-debuginfo-0:0.9.137-13.el7_1.4.x86_64",
"7Server-HighAvailability-7.1.Z:python-clufter-0:0.9.137-13.el7_1.4.x86_64",
"7Server-ResilientStorage-7.1.Z:pcs-0:0.9.137-13.el7_1.4.src",
"7Server-ResilientStorage-7.1.Z:pcs-0:0.9.137-13.el7_1.4.x86_64",
"7Server-ResilientStorage-7.1.Z:pcs-debuginfo-0:0.9.137-13.el7_1.4.x86_64",
"7Server-ResilientStorage-7.1.Z:python-clufter-0:0.9.137-13.el7_1.4.x86_64"
]
},
"references": [
{
"category": "self",
"summary": "Canonical URL",
"url": "https://access.redhat.com/security/cve/CVE-2015-5190"
},
{
"category": "external",
"summary": "RHBZ#1252813",
"url": "https://bugzilla.redhat.com/show_bug.cgi?id=1252813"
},
{
"category": "external",
"summary": "https://www.cve.org/CVERecord?id=CVE-2015-5190",
"url": "https://www.cve.org/CVERecord?id=CVE-2015-5190"
},
{
"category": "external",
"summary": "https://nvd.nist.gov/vuln/detail/CVE-2015-5190",
"url": "https://nvd.nist.gov/vuln/detail/CVE-2015-5190"
}
],
"release_date": "2015-09-01T00:00:00+00:00",
"remediations": [
{
"category": "vendor_fix",
"date": "2015-09-01T13:41:46+00:00",
"details": "Before applying this update, make sure all previously released errata\nrelevant to your system have been applied.\n\nFor details on how to apply this update, refer to:\n\nhttps://access.redhat.com/articles/11258",
"product_ids": [
"6Server-HighAvailability-6.7.z:pcs-0:0.9.139-9.el6_7.1.i686",
"6Server-HighAvailability-6.7.z:pcs-0:0.9.139-9.el6_7.1.src",
"6Server-HighAvailability-6.7.z:pcs-0:0.9.139-9.el6_7.1.x86_64",
"6Server-HighAvailability-6.7.z:pcs-debuginfo-0:0.9.139-9.el6_7.1.i686",
"6Server-HighAvailability-6.7.z:pcs-debuginfo-0:0.9.139-9.el6_7.1.x86_64",
"6Server-ResilientStorage-6.7.z:pcs-0:0.9.139-9.el6_7.1.i686",
"6Server-ResilientStorage-6.7.z:pcs-0:0.9.139-9.el6_7.1.src",
"6Server-ResilientStorage-6.7.z:pcs-0:0.9.139-9.el6_7.1.x86_64",
"6Server-ResilientStorage-6.7.z:pcs-debuginfo-0:0.9.139-9.el6_7.1.i686",
"6Server-ResilientStorage-6.7.z:pcs-debuginfo-0:0.9.139-9.el6_7.1.x86_64",
"7Server-HighAvailability-7.1.Z:pcs-0:0.9.137-13.el7_1.4.src",
"7Server-HighAvailability-7.1.Z:pcs-0:0.9.137-13.el7_1.4.x86_64",
"7Server-HighAvailability-7.1.Z:pcs-debuginfo-0:0.9.137-13.el7_1.4.x86_64",
"7Server-HighAvailability-7.1.Z:python-clufter-0:0.9.137-13.el7_1.4.x86_64",
"7Server-ResilientStorage-7.1.Z:pcs-0:0.9.137-13.el7_1.4.src",
"7Server-ResilientStorage-7.1.Z:pcs-0:0.9.137-13.el7_1.4.x86_64",
"7Server-ResilientStorage-7.1.Z:pcs-debuginfo-0:0.9.137-13.el7_1.4.x86_64",
"7Server-ResilientStorage-7.1.Z:python-clufter-0:0.9.137-13.el7_1.4.x86_64"
],
"restart_required": {
"category": "none"
},
"url": "https://access.redhat.com/errata/RHSA-2015:1700"
}
],
"scores": [
{
"cvss_v2": {
"accessComplexity": "MEDIUM",
"accessVector": "NETWORK",
"authentication": "NONE",
"availabilityImpact": "COMPLETE",
"baseScore": 9.3,
"confidentialityImpact": "COMPLETE",
"integrityImpact": "COMPLETE",
"vectorString": "AV:N/AC:M/Au:N/C:C/I:C/A:C",
"version": "2.0"
},
"products": [
"6Server-HighAvailability-6.7.z:pcs-0:0.9.139-9.el6_7.1.i686",
"6Server-HighAvailability-6.7.z:pcs-0:0.9.139-9.el6_7.1.src",
"6Server-HighAvailability-6.7.z:pcs-0:0.9.139-9.el6_7.1.x86_64",
"6Server-HighAvailability-6.7.z:pcs-debuginfo-0:0.9.139-9.el6_7.1.i686",
"6Server-HighAvailability-6.7.z:pcs-debuginfo-0:0.9.139-9.el6_7.1.x86_64",
"6Server-ResilientStorage-6.7.z:pcs-0:0.9.139-9.el6_7.1.i686",
"6Server-ResilientStorage-6.7.z:pcs-0:0.9.139-9.el6_7.1.src",
"6Server-ResilientStorage-6.7.z:pcs-0:0.9.139-9.el6_7.1.x86_64",
"6Server-ResilientStorage-6.7.z:pcs-debuginfo-0:0.9.139-9.el6_7.1.i686",
"6Server-ResilientStorage-6.7.z:pcs-debuginfo-0:0.9.139-9.el6_7.1.x86_64",
"7Server-HighAvailability-7.1.Z:pcs-0:0.9.137-13.el7_1.4.src",
"7Server-HighAvailability-7.1.Z:pcs-0:0.9.137-13.el7_1.4.x86_64",
"7Server-HighAvailability-7.1.Z:pcs-debuginfo-0:0.9.137-13.el7_1.4.x86_64",
"7Server-HighAvailability-7.1.Z:python-clufter-0:0.9.137-13.el7_1.4.x86_64",
"7Server-ResilientStorage-7.1.Z:pcs-0:0.9.137-13.el7_1.4.src",
"7Server-ResilientStorage-7.1.Z:pcs-0:0.9.137-13.el7_1.4.x86_64",
"7Server-ResilientStorage-7.1.Z:pcs-debuginfo-0:0.9.137-13.el7_1.4.x86_64",
"7Server-ResilientStorage-7.1.Z:python-clufter-0:0.9.137-13.el7_1.4.x86_64"
]
}
],
"threats": [
{
"category": "impact",
"details": "Important"
}
],
"title": "pcs: Command injection with root privileges."
}
]
}
CNVD-2015-05862
Vulnerability from cnvd - Published: 2015-09-09
VLAI Severity ?
Title
PCS pcsd web UI操作系统命令注入漏洞
Description
PCS是一套利用命令行和Web UI来配置和管理Pacemaker和Corosync(集群软件)的工具。
PCS 0.9.139及之前版本的pcsd web UI中存在安全漏洞。远程攻击者可借助URL中的‘escape characters’利用该漏洞执行任意命令。
Severity
高
Patch Name
PCS pcsd web UI操作系统命令注入漏洞的补丁
Patch Description
PCS是一套利用命令行和Web UI来配置和管理Pacemaker和Corosync(集群软件)的工具。PCS 0.9.139及之前版本的pcsd web UI中存在安全漏洞。远程攻击者可借助URL中的‘escape characters’利用该漏洞执行任意命令。目前,供应商发布了安全公告及相关补丁信息,修复了此漏洞。
Formal description
用户可参考如下厂商提供的安全公告获取补丁以修复该漏洞: http://rhn.redhat.com/errata/RHSA-2015-1700.html
Reference
http://rhn.redhat.com/errata/RHSA-2015-1700.html
Impacted products
| Name | PCS PCS <=0.9.139 |
|---|---|
{
"cves": {
"cve": {
"cveNumber": "CVE-2015-5190"
}
},
"description": "PCS\u662f\u4e00\u5957\u5229\u7528\u547d\u4ee4\u884c\u548cWeb UI\u6765\u914d\u7f6e\u548c\u7ba1\u7406Pacemaker\u548cCorosync\uff08\u96c6\u7fa4\u8f6f\u4ef6\uff09\u7684\u5de5\u5177\u3002\r\n\r\nPCS 0.9.139\u53ca\u4e4b\u524d\u7248\u672c\u7684pcsd web UI\u4e2d\u5b58\u5728\u5b89\u5168\u6f0f\u6d1e\u3002\u8fdc\u7a0b\u653b\u51fb\u8005\u53ef\u501f\u52a9URL\u4e2d\u7684\u2018escape characters\u2019\u5229\u7528\u8be5\u6f0f\u6d1e\u6267\u884c\u4efb\u610f\u547d\u4ee4\u3002",
"discovererName": "Adam Mari\u0161",
"formalWay": "\u7528\u6237\u53ef\u53c2\u8003\u5982\u4e0b\u5382\u5546\u63d0\u4f9b\u7684\u5b89\u5168\u516c\u544a\u83b7\u53d6\u8865\u4e01\u4ee5\u4fee\u590d\u8be5\u6f0f\u6d1e\uff1a\r\nhttp://rhn.redhat.com/errata/RHSA-2015-1700.html",
"isEvent": "\u901a\u7528\u8f6f\u786c\u4ef6\u6f0f\u6d1e",
"number": "CNVD-2015-05862",
"openTime": "2015-09-09",
"patchDescription": "PCS\u662f\u4e00\u5957\u5229\u7528\u547d\u4ee4\u884c\u548cWeb UI\u6765\u914d\u7f6e\u548c\u7ba1\u7406Pacemaker\u548cCorosync\uff08\u96c6\u7fa4\u8f6f\u4ef6\uff09\u7684\u5de5\u5177\u3002PCS 0.9.139\u53ca\u4e4b\u524d\u7248\u672c\u7684pcsd web UI\u4e2d\u5b58\u5728\u5b89\u5168\u6f0f\u6d1e\u3002\u8fdc\u7a0b\u653b\u51fb\u8005\u53ef\u501f\u52a9URL\u4e2d\u7684\u2018escape characters\u2019\u5229\u7528\u8be5\u6f0f\u6d1e\u6267\u884c\u4efb\u610f\u547d\u4ee4\u3002\u76ee\u524d\uff0c\u4f9b\u5e94\u5546\u53d1\u5e03\u4e86\u5b89\u5168\u516c\u544a\u53ca\u76f8\u5173\u8865\u4e01\u4fe1\u606f\uff0c\u4fee\u590d\u4e86\u6b64\u6f0f\u6d1e\u3002",
"patchName": "PCS pcsd web UI\u64cd\u4f5c\u7cfb\u7edf\u547d\u4ee4\u6ce8\u5165\u6f0f\u6d1e\u7684\u8865\u4e01",
"products": {
"product": "PCS PCS \u003c=0.9.139"
},
"referenceLink": "http://rhn.redhat.com/errata/RHSA-2015-1700.html",
"serverity": "\u9ad8",
"submitTime": "2015-09-06",
"title": "PCS pcsd web UI\u64cd\u4f5c\u7cfb\u7edf\u547d\u4ee4\u6ce8\u5165\u6f0f\u6d1e"
}
Sightings
| Author | Source | Type | Date |
|---|---|---|---|
Nomenclature
- Seen: The vulnerability was mentioned, discussed, or observed by the user.
- Confirmed: The vulnerability has been validated from an analyst's perspective.
- Published Proof of Concept: A public proof of concept is available for this vulnerability.
- Exploited: The vulnerability was observed as exploited by the user who reported the sighting.
- Patched: The vulnerability was observed as successfully patched by the user who reported the sighting.
- Not exploited: The vulnerability was not observed as exploited by the user who reported the sighting.
- Not confirmed: The user expressed doubt about the validity of the vulnerability.
- Not patched: The vulnerability was not observed as successfully patched by the user who reported the sighting.