{"containers": {"cna": {"affected": [{"product": "vdsm", "vendor": "[UNKNOWN]", "versions": [{"status": "affected", "version": "4.30.9"}]}], "datePublic": "2019-02-14T00:00:00", "descriptions": [{"lang": "en", "value": "A vulnerability was discovered in vdsm, version 4.19 through 4.30.3 and 4.30.5 through 4.30.8. The systemd_run function exposed to the vdsm system user could be abused to execute arbitrary commands as root."}], "metrics": [{"cvssV3_0": {"attackComplexity": "HIGH", "attackVector": "LOCAL", "availabilityImpact": "HIGH", "baseScore": 6.4, "baseSeverity": "MEDIUM", "confidentialityImpact": "HIGH", "integrityImpact": "HIGH", "privilegesRequired": "HIGH", "scope": "UNCHANGED", "userInteraction": "NONE", "vectorString": "CVSS:3.0/AV:L/AC:H/PR:H/UI:N/S:U/C:H/I:H/A:H", "version": "3.0"}}], "problemTypes": [{"descriptions": [{"cweId": "CWE-863", "description": "CWE-863", "lang": "en", "type": "CWE"}]}], "providerMetadata": {"dateUpdated": "2019-03-25T17:12:10", "orgId": "53f830b8-0a3f-465b-8143-3b8a9948e749", "shortName": "redhat"}, "references": [{"tags": ["x_refsource_CONFIRM"], "url": "https://bugzilla.redhat.com/show_bug.cgi?id=CVE-2019-3831"}], "x_legacyV4Record": {"CVE_data_meta": {"ASSIGNER": "secalert@redhat.com", "ID": "CVE-2019-3831", "STATE": "PUBLIC"}, "affects": {"vendor": {"vendor_data": [{"product": {"product_data": [{"product_name": "vdsm", "version": {"version_data": [{"version_value": "4.30.9"}]}}]}, "vendor_name": "[UNKNOWN]"}]}}, "data_format": "MITRE", "data_type": "CVE", "data_version": "4.0", "description": {"description_data": [{"lang": "eng", "value": "A vulnerability was discovered in vdsm, version 4.19 through 4.30.3 and 4.30.5 through 4.30.8. The systemd_run function exposed to the vdsm system user could be abused to execute arbitrary commands as root."}]}, "impact": {"cvss": [[{"vectorString": "6.4/CVSS:3.0/AV:L/AC:H/PR:H/UI:N/S:U/C:H/I:H/A:H", "version": "3.0"}]]}, "problemtype": {"problemtype_data": [{"description": [{"lang": "eng", "value": "CWE-863"}]}]}, "references": {"reference_data": [{"name": "https://bugzilla.redhat.com/show_bug.cgi?id=CVE-2019-3831", "refsource": "CONFIRM", "url": "https://bugzilla.redhat.com/show_bug.cgi?id=CVE-2019-3831"}]}}}, "adp": [{"providerMetadata": {"orgId": "af854a3a-2127-422b-91ae-364da2661108", "shortName": "CVE", "dateUpdated": "2024-08-04T19:19:18.593Z"}, "title": "CVE Program Container", "references": [{"tags": ["x_refsource_CONFIRM", "x_transferred"], "url": "https://bugzilla.redhat.com/show_bug.cgi?id=CVE-2019-3831"}]}]}, "cveMetadata": {"assignerOrgId": "53f830b8-0a3f-465b-8143-3b8a9948e749", "assignerShortName": "redhat", "cveId": "CVE-2019-3831", "datePublished": "2019-03-25T17:12:10", "dateReserved": "2019-01-03T00:00:00", "dateUpdated": "2024-08-04T19:19:18.593Z", "state": "PUBLISHED"}, "dataType": "CVE_RECORD", "dataVersion": "5.1"}

{}

{"configurations": [{"nodes": [{"cpeMatch": [{"criteria": "cpe:2.3:a:ovirt:vdsm:*:*:*:*:*:*:*:*", "matchCriteriaId": "CE133A09-DE61-4AE2-90FD-A24D2E0BD5B0", "versionEndIncluding": "4.30.3", "versionStartIncluding": "4.19", "vulnerable": true}, {"criteria": "cpe:2.3:a:ovirt:vdsm:*:*:*:*:*:*:*:*", "matchCriteriaId": "859EBC12-485A-4214-8BDA-C0A6205F904F", "versionEndIncluding": "4.30.8", "versionStartIncluding": "4.30.5", "vulnerable": true}], "negate": false, "operator": "OR"}]}, {"nodes": [{"cpeMatch": [{"criteria": "cpe:2.3:a:redhat:gluster_storage:3.0:*:*:*:*:*:*:*", "matchCriteriaId": "F1986832-44C9-491E-A75D-AAD8FAE683E6", "vulnerable": true}], "negate": false, "operator": "OR"}]}], "cveTags": [], "descriptions": [{"lang": "en", "value": "A vulnerability was discovered in vdsm, version 4.19 through 4.30.3 and 4.30.5 through 4.30.8. The systemd_run function exposed to the vdsm system user could be abused to execute arbitrary commands as root."}, {"lang": "es", "value": "Se ha detectado una vulnerabilidad en vdsm, desde la versi\u00f3n 4.19 hasta la 4.30.3 y desde la 4.30.5 hasta la 4.30.8.. La funci\u00f3n systemd_run expuesta al usuario del sistema vdsm podr\u00eda ser abusada para ejecutar comandos arbitrarios como root."}], "id": "CVE-2019-3831", "lastModified": "2020-10-19T18:07:55.860", "metrics": {"cvssMetricV2": [{"acInsufInfo": false, "baseSeverity": "HIGH", "cvssData": {"accessComplexity": "LOW", "accessVector": "NETWORK", "authentication": "SINGLE", "availabilityImpact": "COMPLETE", "baseScore": 9.0, "confidentialityImpact": "COMPLETE", "integrityImpact": "COMPLETE", "vectorString": "AV:N/AC:L/Au:S/C:C/I:C/A:C", "version": "2.0"}, "exploitabilityScore": 8.0, "impactScore": 10.0, "obtainAllPrivilege": false, "obtainOtherPrivilege": false, "obtainUserPrivilege": false, "source": "nvd@nist.gov", "type": "Primary", "userInteractionRequired": false}], "cvssMetricV30": [{"cvssData": {"attackComplexity": "HIGH", "attackVector": "LOCAL", "availabilityImpact": "HIGH", "baseScore": 6.4, "baseSeverity": "MEDIUM", "confidentialityImpact": "HIGH", "integrityImpact": "HIGH", "privilegesRequired": "HIGH", "scope": "UNCHANGED", "userInteraction": "NONE", "vectorString": "CVSS:3.0/AV:L/AC:H/PR:H/UI:N/S:U/C:H/I:H/A:H", "version": "3.0"}, "exploitabilityScore": 0.5, "impactScore": 5.9, "source": "secalert@redhat.com", "type": "Secondary"}], "cvssMetricV31": [{"cvssData": {"attackComplexity": "LOW", "attackVector": "LOCAL", "availabilityImpact": "HIGH", "baseScore": 6.7, "baseSeverity": "MEDIUM", "confidentialityImpact": "HIGH", "integrityImpact": "HIGH", "privilegesRequired": "HIGH", "scope": "UNCHANGED", "userInteraction": "NONE", "vectorString": "CVSS:3.1/AV:L/AC:L/PR:H/UI:N/S:U/C:H/I:H/A:H", "version": "3.1"}, "exploitabilityScore": 0.8, "impactScore": 5.9, "source": "nvd@nist.gov", "type": "Primary"}]}, "published": "2019-03-25T18:29:00.933", "references": [{"source": "secalert@redhat.com", "tags": ["Issue Tracking", "Patch", "Third Party Advisory"], "url": "https://bugzilla.redhat.com/show_bug.cgi?id=CVE-2019-3831"}], "sourceIdentifier": "secalert@redhat.com", "vulnStatus": "Analyzed", "weaknesses": [{"description": [{"lang": "en", "value": "NVD-CWE-Other"}], "source": "nvd@nist.gov", "type": "Primary"}, {"description": [{"lang": "en", "value": "CWE-863"}], "source": "secalert@redhat.com", "type": "Secondary"}]}

{"affected_release": [{"advisory": "RHBA-2019:1965", "cpe": "cpe:/a:redhat:storage:3.4:server:el7", "package": "ioprocess-0:1.1.2-1.el7ev", "product_name": "Red Hat Gluster Storage 3.4 for RHEL 7", "release_date": "2019-07-30T00:00:00Z"}, {"advisory": "RHBA-2019:1965", "cpe": "cpe:/a:redhat:storage:3.4:server:el7", "package": "safelease-0:1.0-7.el7ev", "product_name": "Red Hat Gluster Storage 3.4 for RHEL 7", "release_date": "2019-07-30T00:00:00Z"}, {"advisory": "RHBA-2019:1965", "cpe": "cpe:/a:redhat:storage:3.4:server:el7", "package": "vdsm-0:4.30.18-1.0.el7rhgs", "product_name": "Red Hat Gluster Storage 3.4 for RHEL 7", "release_date": "2019-07-30T00:00:00Z"}, {"advisory": "RHSA-2019:0457", "cpe": "cpe:/o:redhat:enterprise_linux:7::hypervisor", "package": "redhat-release-virtualization-host-0:4.2-8.3.el7", "product_name": "Red Hat Virtualization 4 for Red Hat Enterprise Linux 7", "release_date": "2019-03-05T00:00:00Z"}, {"advisory": "RHSA-2019:0457", "cpe": "cpe:/o:redhat:enterprise_linux:7::hypervisor", "package": "redhat-virtualization-host-0:4.2-20190219.0.el7_6", "product_name": "Red Hat Virtualization 4 for Red Hat Enterprise Linux 7", "release_date": "2019-03-05T00:00:00Z"}, {"advisory": "RHSA-2019:0458", "cpe": "cpe:/o:redhat:enterprise_linux:7::hypervisor", "package": "vdsm-0:4.20.47-1.el7ev", "product_name": "Red Hat Virtualization 4 for Red Hat Enterprise Linux 7", "release_date": "2019-03-05T00:00:00Z"}], "bugzilla": {"description": "vdsm: privilege escalation to root via systemd_run", "id": "1677108", "url": "https://bugzilla.redhat.com/show_bug.cgi?id=1677108"}, "csaw": false, "cvss3": {"cvss3_base_score": "6.4", "cvss3_scoring_vector": "CVSS:3.0/AV:L/AC:H/PR:H/UI:N/S:U/C:H/I:H/A:H", "status": "verified"}, "cwe": "CWE-863", "details": ["A vulnerability was discovered in vdsm, version 4.19 through 4.30.3 and 4.30.5 through 4.30.8. The systemd_run function exposed to the vdsm system user could be abused to execute arbitrary commands as root.", "A vulnerability was discovered in vdsm, version 4.19 through 4.30.3 and 4.30.5 through 4.30.8. The systemd_run function exposed to the vdsm system user could be abused to execute arbitrary commands as root."], "name": "CVE-2019-3831", "public_date": "2019-02-14T00:00:00Z", "references": ["https://www.cve.org/CVERecord?id=CVE-2019-3831\nhttps://nvd.nist.gov/vuln/detail/CVE-2019-3831"], "threat_severity": "Moderate", "upstream_fix": "vdsm 4.30.9"}