Fluid Attacks Database

Description

A race condition was found in the way the pcsd web UI backend performed authorization of user requests. An attacker could use this flaw to send a request that would be evaluated as originating from a different user, potentially allowing the attacker to perform actions with permissions of a more privileged user.

Mitigation

Update Impact

Minimal update. May introduce new vulnerabilities or breaking changes.

Ecosystem	Package	Affected version	Patched versions
rpm rhel7	pcs	<0:0.9.137-13.el7_1.4	0:0.9.137-13.el7_1.4
rpm rhel6	pcs	<0:0.9.139-9.el6_7.1	0:0.9.139-9.el6_7.1

Aliases

1. CVE-2015-51892. NVD-2015-51893. OSV-2015-5189

Does your application use this vulnerable software?

During the free trial, our tools assess your application, identify vulnerabilities, and provide recommendations for their remediation.