{"containers": {"cna": {"affected": [{"product": "n/a", "vendor": "n/a", "versions": [{"status": "affected", "version": "n/a"}]}], "datePublic": "2015-09-01T00:00:00", "descriptions": [{"lang": "en", "value": "Race condition in pcsd in PCS 0.9.139 and earlier uses a global variable to validate usernames, which allows remote authenticated users to gain privileges by sending a command that is checked for security after another user is authenticated."}], "problemTypes": [{"descriptions": [{"description": "n/a", "lang": "en", "type": "text"}]}], "providerMetadata": {"dateUpdated": "2015-09-03T13:57:02", "orgId": "53f830b8-0a3f-465b-8143-3b8a9948e749", "shortName": "redhat"}, "references": [{"tags": ["x_refsource_CONFIRM"], "url": "https://bugzilla.redhat.com/show_bug.cgi?id=1252805"}, {"name": "RHSA-2015:1700", "tags": ["vendor-advisory", "x_refsource_REDHAT"], "url": "http://rhn.redhat.com/errata/RHSA-2015-1700.html"}]}, "adp": [{"providerMetadata": {"orgId": "af854a3a-2127-422b-91ae-364da2661108", "shortName": "CVE", "dateUpdated": "2024-08-06T06:41:08.026Z"}, "title": "CVE Program Container", "references": [{"tags": ["x_refsource_CONFIRM", "x_transferred"], "url": "https://bugzilla.redhat.com/show_bug.cgi?id=1252805"}, {"name": "RHSA-2015:1700", "tags": ["vendor-advisory", "x_refsource_REDHAT", "x_transferred"], "url": "http://rhn.redhat.com/errata/RHSA-2015-1700.html"}]}]}, "cveMetadata": {"assignerOrgId": "53f830b8-0a3f-465b-8143-3b8a9948e749", "assignerShortName": "redhat", "cveId": "CVE-2015-5189", "datePublished": "2015-09-03T14:00:00", "dateReserved": "2015-07-01T00:00:00", "dateUpdated": "2024-08-06T06:41:08.026Z", "state": "PUBLISHED"}, "dataType": "CVE_RECORD", "dataVersion": "5.1"}

{}

{"configurations": [{"nodes": [{"cpeMatch": [{"criteria": "cpe:2.3:a:pacemaker\\/corosync_configuration_system_project:pacemaker\\/corosync_configuration_system:*:*:*:*:*:*:*:*", "matchCriteriaId": "69E6BE70-8D68-4908-B755-AC7509BC9B40", "versionEndIncluding": "0.9.139", "vulnerable": true}], "negate": false, "operator": "OR"}]}], "cveTags": [], "descriptions": [{"lang": "en", "value": "Race condition in pcsd in PCS 0.9.139 and earlier uses a global variable to validate usernames, which allows remote authenticated users to gain privileges by sending a command that is checked for security after another user is authenticated."}, {"lang": "es", "value": "Vulnerabilidad de condici\u00f3n de carrera de pcsd en PCS 0.9.139 y en versiones anteriores utiliza una variable global para validar nombres de usuarios, lo que permite a usuarios remotos autenticados para obtener privilegios mediante el env\u00edo de un comando que se comprueba por seguridad tras autenticarse otro usuario."}], "id": "CVE-2015-5189", "lastModified": "2025-04-12T10:46:40.837", "metrics": {"cvssMetricV2": [{"acInsufInfo": false, "baseSeverity": "MEDIUM", "cvssData": {"accessComplexity": "MEDIUM", "accessVector": "NETWORK", "authentication": "SINGLE", "availabilityImpact": "NONE", "baseScore": 4.9, "confidentialityImpact": "PARTIAL", "integrityImpact": "PARTIAL", "vectorString": "AV:N/AC:M/Au:S/C:P/I:P/A:N", "version": "2.0"}, "exploitabilityScore": 6.8, "impactScore": 4.9, "obtainAllPrivilege": false, "obtainOtherPrivilege": false, "obtainUserPrivilege": false, "source": "nvd@nist.gov", "type": "Primary", "userInteractionRequired": false}]}, "published": "2015-09-03T14:59:02.037", "references": [{"source": "secalert@redhat.com", "url": "http://rhn.redhat.com/errata/RHSA-2015-1700.html"}, {"source": "secalert@redhat.com", "url": "https://bugzilla.redhat.com/show_bug.cgi?id=1252805"}, {"source": "af854a3a-2127-422b-91ae-364da2661108", "url": "http://rhn.redhat.com/errata/RHSA-2015-1700.html"}, {"source": "af854a3a-2127-422b-91ae-364da2661108", "url": "https://bugzilla.redhat.com/show_bug.cgi?id=1252805"}], "sourceIdentifier": "secalert@redhat.com", "vulnStatus": "Deferred", "weaknesses": [{"description": [{"lang": "en", "value": "CWE-362"}], "source": "nvd@nist.gov", "type": "Primary"}]}

{"acknowledgement": "This issue was discovered by Tom\u00e1\u0161 Jel\u00ednek (Red Hat).", "affected_release": [{"advisory": "RHSA-2015:1700", "cpe": "cpe:/o:redhat:enterprise_linux:6", "package": "pcs-0:0.9.139-9.el6_7.1", "product_name": "Red Hat Enterprise Linux 6", "release_date": "2015-09-01T00:00:00Z"}, {"advisory": "RHSA-2015:1700", "cpe": "cpe:/o:redhat:enterprise_linux:7", "package": "pcs-0:0.9.137-13.el7_1.4", "product_name": "Red Hat Enterprise Linux 7", "release_date": "2015-09-01T00:00:00Z"}], "bugzilla": {"description": "pcs: Incorrect authorization when using pcs web UI", "id": "1252805", "url": "https://bugzilla.redhat.com/show_bug.cgi?id=1252805"}, "csaw": false, "cvss": {"cvss_base_score": "4.9", "cvss_scoring_vector": "AV:N/AC:M/Au:S/C:P/I:P/A:N", "status": "verified"}, "cwe": "CWE-863", "details": ["Race condition in pcsd in PCS 0.9.139 and earlier uses a global variable to validate usernames, which allows remote authenticated users to gain privileges by sending a command that is checked for security after another user is authenticated.", "A race condition was found in the way the pcsd web UI backend performed authorization of user requests. An attacker could use this flaw to send a request that would be evaluated as originating from a different user, potentially allowing the attacker to perform actions with permissions of a more privileged user."], "name": "CVE-2015-5189", "public_date": "2015-09-01T00:00:00Z", "references": ["https://www.cve.org/CVERecord?id=CVE-2015-5189\nhttps://nvd.nist.gov/vuln/detail/CVE-2015-5189"], "threat_severity": "Moderate"}