Pacemaker Corosync Configuration System
Monthly
The pcsd web UI in PCS 0.9.139 and earlier allows remote authenticated users to execute arbitrary commands via "escape characters" in a URL. Rated high severity (CVSS 8.5), this vulnerability is remotely exploitable. No vendor patch available.
Race condition in pcsd in PCS 0.9.139 and earlier uses a global variable to validate usernames, which allows remote authenticated users to gain privileges by sending a command that is checked for. Rated medium severity (CVSS 4.9), this vulnerability is remotely exploitable. No vendor patch available.
The pcsd web UI in PCS 0.9.139 and earlier allows remote authenticated users to execute arbitrary commands via "escape characters" in a URL. Rated high severity (CVSS 8.5), this vulnerability is remotely exploitable. No vendor patch available.
Race condition in pcsd in PCS 0.9.139 and earlier uses a global variable to validate usernames, which allows remote authenticated users to gain privileges by sending a command that is checked for. Rated medium severity (CVSS 4.9), this vulnerability is remotely exploitable. No vendor patch available.