First published: Thu Feb 14 2019
A vulnerability was discovered in vdsm, versions 4.19 through 4.30.3 and 4.30.5 through 4.30.8. The systemd_run function exposed to the vdsm system user could be abused to execute arbitrary commands as root.
Credit: secalert@redhat.com
Affected Software | Affected Version | How to fix |
---|---|---|
Ovirt Vdsm | >=4.19<=4.30.3 | |
Ovirt Vdsm | >=4.30.5<=4.30.8 | |
Redhat Gluster Storage | =3.0 | |
redhat/vdsm | <4.30.9 | 4.30.9 |
CVE-2019-3831 is a vulnerability discovered in vdsm that allows arbitrary command execution as root.
CVE-2019-3831 has a severity rating of 6.7 (critical).
vdsm versions 4.19 through 4.30.3 and 4.30.5 through 4.30.8 are affected by CVE-2019-3831.
To fix CVE-2019-3831, update vdsm to version 4.30.9.
You can find more information about CVE-2019-3831 at the following links: [link1](https://bugzilla.redhat.com/show_bug.cgi?id=CVE-2019-3831), [link2](https://gerrit.ovirt.org/#/c/97659/), [link3](https://bugzilla.redhat.com/show_bug.cgi/show_bug.cgi?id=1677109).