Ken Gaillot discovered a vulnerability in the Pacemaker cluster resource manager: If ACLs were configured for users in the quot;haclientquot; group, the ACL restrictions could be bypassed via unrestricted IPC communication, resulting in cluster-wide arbitrary code execution with root privileges. If the quot;enable-aclquot; cluster option isn"t enabled, members of the quot;haclientquot; group can modify Pacemaker"s Cluster Information Base without restriction, which already gives them these capabilities, so there is no additional exposure in such a setup.