CVE-2015-1867

CWE-264CWE-863Incorrect Authorization7 documents6 sources
Severity
7.5HIGH
EPSS
0.7%
top 27.67%
CISA KEV
Not in KEV
Exploit
No known exploits
Affected products
3
Clusterlabs PacemakerRedhat Enterprise Linux High AvailabilityRedhat Enterprise Linux Resilient Storage
Timeline
PublishedAug 12
Latest updateMay 17

Description

Pacemaker before 1.1.13 does not properly evaluate added nodes, which allows remote read-only users to gain privileges via an acl command.

CVSS vector

AV:N/AC:L/C:P/I:P/A:PExploitability: 10.0 | Impact: 6.4

Affected Packages3 packages

🔴Vulnerability Details

2
GHSA
GHSA-95mv-cmj7-gfh7: Pacemaker before 12022-05-17
CVEList
CVE-2015-1867: Pacemaker before 12015-08-12

📋Vendor Advisories

2
Red Hat
pacemaker: acl read-only access allow role assignment2015-03-31
Debian
CVE-2015-1867: pacemaker - Pacemaker before 1.1.13 does not properly evaluate added nodes, which allows rem...2015

💬Community

2
Bugzilla
CVE-2015-1867 pacemaker: acl read-only access allow role assignment [fedora-all]2015-07-02
Bugzilla
CVE-2015-1867 pacemaker: acl read-only access allow role assignment2015-04-13
CVE-2015-1867 (HIGH CVSS 7.5) | Pacemaker before 1.1.13 does not pr | cvebase.io