Alain Moulle

Researcher from ATOS/BULL
#16432 of 53,633
16.3 Total CVSS
Vulnerabilities · 2
High: 2
PT-2016-7189
8.8
2016-11-03
Clusterlabs · Pacemaker · CVE-2016-7035
**Name of the Vulnerable Software and Affected Versions** Pacemaker versions prior to 1.1.16

**Description** An authorization flaw was found where Pacemaker did not properly guard its IPC interface. An attacker with an unprivileged account on a Pacemaker node could use this flaw to gain root access on the machine, for example, by forcing the Local Resource Manager daemon to execute a script as root.

**Recommendations** For versions prior to 1.1.16, update to version 1.1.16 or later to resolve the issue. As a temporary workaround, consider restricting access to the IPC interface to minimize the risk of exploitation.

PT-2017-9350
7.5
2016-06-27
Clusterlabs · Pacemaker · CVE-2016-7797
**Name of the Vulnerable Software and Affected Versions** Pacemaker versions prior to 1.1.15

**Description** The issue allows remote attackers to cause a denial of service, specifically node disconnection, via an unauthenticated connection when using pacemaker remote.

**Recommendations** For versions prior to 1.1.15, update to version 1.1.15 or later to resolve the issue.