CVE-2019-10153 - OpenCVE

A flaw was discovered in fence-agents, prior to version 4.3.4, where using non-ASCII characters in a guest VM's comment or other fields would cause fence_rhevm to exit with an exception. In cluster environments, this could lead to preventing automated recovery or otherwise denying service to clusters of which that VM is a member.

Attack Vector Network

Attack Complexity Low

Privileges Required Low

Scope Changed

Confidentiality Impact None

Integrity Impact None

Availability Impact Low

User Interaction None

Attack Vector Network

Attack Complexity Low

Privileges Required Low

Scope Changed

Confidentiality Impact None

Integrity Impact None

Availability Impact Low

User Interaction None

Access Vector Network

Access Complexity Low

Authentication Single

Confidentiality Impact None

Integrity Impact None

Availability Impact Partial

AV:N/AC:L/Au:S/C:N/I:N/A:P

Vendors & Products
CPE Configurations

Vendors	Products
Clusterlabs	Fence-agents
Redhat	Enterprise Linux Enterprise Linux Workstation Enterprise Linux Server

Configuration 1 [-]

cpe:2.3:a:clusterlabs:fence-agents:*:*:*:*:*:*:*:*

Configuration 2 [-]

OR	cpe:2.3:o:redhat:enterprise_linux:8.0:::::::*
	cpe:2.3:o:redhat:enterprise_linux_server:7.0:::::::*
	cpe:2.3:o:redhat:enterprise_linux_workstation:7.0:::::::*

References

Link	Resource
https://access.redhat.com/errata/RHSA-2019:2037	Third Party Advisory
https://bugzilla.redhat.com/show_bug.cgi?id=CVE-2019-10153	Issue Tracking Third Party Advisory
https://github.com/ClusterLabs/fence-agents/pull/255	Patch Third Party Advisory
https://github.com/ClusterLabs/fence-agents/pull/272	Patch Third Party Advisory

History

No history.

MITRE Information

Status: PUBLISHED

Assigner: redhat

Published: 2019-07-30T22:10:35

Updated: 2019-08-06T16:06:22

Reserved: 2019-03-27T00:00:00

Link: CVE-2019-10153

JSON object: View

NVD Information

Status : Analyzed

Published: 2019-07-30T23:15:11.980

Modified: 2023-02-02T18:58:52.113

Link: CVE-2019-10153

JSON object: View

Redhat Information

No data.

CWE

{"containers": {"cna": {"affected": [{"product": "fence-agents", "vendor": "ClusterLabs", "versions": [{"status": "affected", "version": "fixed in 4.3.4"}]}], "descriptions": [{"lang": "en", "value": "A flaw was discovered in fence-agents, prior to version 4.3.4, where using non-ASCII characters in a guest VM's comment or other fields would cause fence_rhevm to exit with an exception. In cluster environments, this could lead to preventing automated recovery or otherwise denying service to clusters of which that VM is a member."}], "metrics": [{"cvssV3_0": {"attackComplexity": "LOW", "attackVector": "NETWORK", "availabilityImpact": "LOW", "baseScore": 5, "baseSeverity": "MEDIUM", "confidentialityImpact": "NONE", "integrityImpact": "NONE", "privilegesRequired": "LOW", "scope": "CHANGED", "userInteraction": "NONE", "vectorString": "CVSS:3.0/AV:N/AC:L/PR:L/UI:N/S:C/C:N/I:N/A:L", "version": "3.0"}}], "problemTypes": [{"descriptions": [{"cweId": "CWE-172", "description": "CWE-172", "lang": "en", "type": "CWE"}]}], "providerMetadata": {"dateUpdated": "2019-08-06T16:06:22", "orgId": "53f830b8-0a3f-465b-8143-3b8a9948e749", "shortName": "redhat"}, "references": [{"tags": ["x_refsource_CONFIRM"], "url": "https://bugzilla.redhat.com/show_bug.cgi?id=CVE-2019-10153"}, {"tags": ["x_refsource_CONFIRM"], "url": "https://github.com/ClusterLabs/fence-agents/pull/255"}, {"tags": ["x_refsource_CONFIRM"], "url": "https://github.com/ClusterLabs/fence-agents/pull/272"}, {"name": "RHSA-2019:2037", "tags": ["vendor-advisory", "x_refsource_REDHAT"], "url": "https://access.redhat.com/errata/RHSA-2019:2037"}], "x_legacyV4Record": {"CVE_data_meta": {"ASSIGNER": "secalert@redhat.com", "ID": "CVE-2019-10153", "STATE": "PUBLIC"}, "affects": {"vendor": {"vendor_data": [{"product": {"product_data": [{"product_name": "fence-agents", "version": {"version_data": [{"version_value": "fixed in 4.3.4"}]}}]}, "vendor_name": "ClusterLabs"}]}}, "data_format": "MITRE", "data_type": "CVE", "data_version": "4.0", "description": {"description_data": [{"lang": "eng", "value": "A flaw was discovered in fence-agents, prior to version 4.3.4, where using non-ASCII characters in a guest VM's comment or other fields would cause fence_rhevm to exit with an exception. In cluster environments, this could lead to preventing automated recovery or otherwise denying service to clusters of which that VM is a member."}]}, "impact": {"cvss": [[{"vectorString": "5/CVSS:3.0/AV:N/AC:L/PR:L/UI:N/S:C/C:N/I:N/A:L", "version": "3.0"}]]}, "problemtype": {"problemtype_data": [{"description": [{"lang": "eng", "value": "CWE-172"}]}]}, "references": {"reference_data": [{"name": "https://bugzilla.redhat.com/show_bug.cgi?id=CVE-2019-10153", "refsource": "CONFIRM", "url": "https://bugzilla.redhat.com/show_bug.cgi?id=CVE-2019-10153"}, {"name": "https://github.com/ClusterLabs/fence-agents/pull/255", "refsource": "CONFIRM", "url": "https://github.com/ClusterLabs/fence-agents/pull/255"}, {"name": "https://github.com/ClusterLabs/fence-agents/pull/272", "refsource": "CONFIRM", "url": "https://github.com/ClusterLabs/fence-agents/pull/272"}, {"name": "RHSA-2019:2037", "refsource": "REDHAT", "url": "https://access.redhat.com/errata/RHSA-2019:2037"}]}}}}, "cveMetadata": {"assignerOrgId": "53f830b8-0a3f-465b-8143-3b8a9948e749", "assignerShortName": "redhat", "cveId": "CVE-2019-10153", "datePublished": "2019-07-30T22:10:35", "dateReserved": "2019-03-27T00:00:00", "dateUpdated": "2019-08-06T16:06:22", "state": "PUBLISHED"}, "dataType": "CVE_RECORD", "dataVersion": "5.0"}

{"configurations": [{"nodes": [{"cpeMatch": [{"criteria": "cpe:2.3:a:clusterlabs:fence-agents:*:*:*:*:*:*:*:*", "matchCriteriaId": "58FDEB44-2C6A-4336-9593-BDE1F3CF4536", "versionEndExcluding": "4.3.4", "vulnerable": true}], "negate": false, "operator": "OR"}]}, {"nodes": [{"cpeMatch": [{"criteria": "cpe:2.3:o:redhat:enterprise_linux:8.0:*:*:*:*:*:*:*", "matchCriteriaId": "F4CFF558-3C47-480D-A2F0-BABF26042943", "vulnerable": true}, {"criteria": "cpe:2.3:o:redhat:enterprise_linux_server:7.0:*:*:*:*:*:*:*", "matchCriteriaId": "51EF4996-72F4-4FA4-814F-F5991E7A8318", "vulnerable": true}, {"criteria": "cpe:2.3:o:redhat:enterprise_linux_workstation:7.0:*:*:*:*:*:*:*", "matchCriteriaId": "825ECE2D-E232-46E0-A047-074B34DB1E97", "vulnerable": true}], "negate": false, "operator": "OR"}]}], "descriptions": [{"lang": "en", "value": "A flaw was discovered in fence-agents, prior to version 4.3.4, where using non-ASCII characters in a guest VM's comment or other fields would cause fence_rhevm to exit with an exception. In cluster environments, this could lead to preventing automated recovery or otherwise denying service to clusters of which that VM is a member."}, {"lang": "es", "value": "Se detect\u00f3 un fallo en fence-agents, anterior a versi\u00f3n 4.3.4, donde el uso de caracteres no ASCII en un comentario de una M\u00e1quina Virtual invitada u otros campos causar\u00eda que fence_rhevm salga con una excepci\u00f3n. En entornos de cl\u00faster, esto podr\u00eda conllevar a impedir una recuperaci\u00f3n automatizada o por otra parte denegar el servicio a los cl\u00fasteres de los que esa M\u00e1quina Virtual es miembro."}], "id": "CVE-2019-10153", "lastModified": "2023-02-02T18:58:52.113", "metrics": {"cvssMetricV2": [{"acInsufInfo": false, "baseSeverity": "MEDIUM", "cvssData": {"accessComplexity": "LOW", "accessVector": "NETWORK", "authentication": "SINGLE", "availabilityImpact": "PARTIAL", "baseScore": 4.0, "confidentialityImpact": "NONE", "integrityImpact": "NONE", "vectorString": "AV:N/AC:L/Au:S/C:N/I:N/A:P", "version": "2.0"}, "exploitabilityScore": 8.0, "impactScore": 2.9, "obtainAllPrivilege": false, "obtainOtherPrivilege": false, "obtainUserPrivilege": false, "source": "nvd@nist.gov", "type": "Primary", "userInteractionRequired": false}], "cvssMetricV30": [{"cvssData": {"attackComplexity": "LOW", "attackVector": "NETWORK", "availabilityImpact": "LOW", "baseScore": 5.0, "baseSeverity": "MEDIUM", "confidentialityImpact": "NONE", "integrityImpact": "NONE", "privilegesRequired": "LOW", "scope": "CHANGED", "userInteraction": "NONE", "vectorString": "CVSS:3.0/AV:N/AC:L/PR:L/UI:N/S:C/C:N/I:N/A:L", "version": "3.0"}, "exploitabilityScore": 3.1, "impactScore": 1.4, "source": "secalert@redhat.com", "type": "Secondary"}], "cvssMetricV31": [{"cvssData": {"attackComplexity": "LOW", "attackVector": "NETWORK", "availabilityImpact": "LOW", "baseScore": 5.0, "baseSeverity": "MEDIUM", "confidentialityImpact": "NONE", "integrityImpact": "NONE", "privilegesRequired": "LOW", "scope": "CHANGED", "userInteraction": "NONE", "vectorString": "CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:C/C:N/I:N/A:L", "version": "3.1"}, "exploitabilityScore": 3.1, "impactScore": 1.4, "source": "nvd@nist.gov", "type": "Primary"}]}, "published": "2019-07-30T23:15:11.980", "references": [{"source": "secalert@redhat.com", "tags": ["Third Party Advisory"], "url": "https://access.redhat.com/errata/RHSA-2019:2037"}, {"source": "secalert@redhat.com", "tags": ["Issue Tracking", "Third Party Advisory"], "url": "https://bugzilla.redhat.com/show_bug.cgi?id=CVE-2019-10153"}, {"source": "secalert@redhat.com", "tags": ["Patch", "Third Party Advisory"], "url": "https://github.com/ClusterLabs/fence-agents/pull/255"}, {"source": "secalert@redhat.com", "tags": ["Patch", "Third Party Advisory"], "url": "https://github.com/ClusterLabs/fence-agents/pull/272"}], "sourceIdentifier": "secalert@redhat.com", "vulnStatus": "Analyzed", "weaknesses": [{"description": [{"lang": "en", "value": "NVD-CWE-Other"}], "source": "nvd@nist.gov", "type": "Primary"}, {"description": [{"lang": "en", "value": "CWE-172"}], "source": "secalert@redhat.com", "type": "Secondary"}]}