A flaw was found in the way pacemaker's client-server authentication was implemented in versions up to and including 2.0.0. A local attacker could use this flaw, and combine it with other IPC weaknesses, to achieve local privilege escalation.
http://lists.opensuse.org/opensuse-security-announce/2019-05/msg00012.html
http://lists.opensuse.org/opensuse-security-announce/2019-05/msg00034.html
https://access.redhat.com/errata/RHSA-2019:1278
https://access.redhat.com/errata/RHSA-2019:1279
https://bugzilla.redhat.com/show_bug.cgi?id=CVE-2018-16877
https://github.com/ClusterLabs/pacemaker/pull/1749
https://lists.debian.org/debian-lts-announce/2021/01/msg00007.html