It was reported that pcs package is vulnerable to command injection with root privileges.
A user supplied string is used to in running a system command. If the user
uses escape characters they can run a command as the root user on the system.
To do this the user must already have access to login to pcsd (Be a member of
the hacluster group).
This issue was discovered by Tomáš Jelínek of Red Hat.
This issue has been addressed in the following products:
Red Hat Enterprise Linux 6
Red Hat Enterprise Linux 7
Via RHSA-2015:1700 https://rhn.redhat.com/errata/RHSA-2015-1700.html