Vulnerabilities
Misconfiguration
Runtime Security
Compliance
CVE Vulnerabilities

CVE-2019-10153

Published: Jul 30, 2019 | Modified: Feb 02, 2023
CVSS 3.x
5
MEDIUM
Source:
NVD
CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:C/C:N/I:N/A:L
CVSS 2.x
4 MEDIUM
AV:N/AC:L/Au:S/C:N/I:N/A:P
RedHat/V2
RedHat/V3
5 MODERATE
CVSS:3.0/AV:N/AC:L/PR:L/UI:N/S:C/C:N/I:N/A:L
Ubuntu
MEDIUM
Additional information
NVDhttps://nvd.nist.gov/vuln/detail/CVE-2019-10153
CWEhttps://cwe.mitre.org/data/definitions/NVD-Other.html

A flaw was discovered in fence-agents, prior to version 4.3.4, where using non-ASCII characters in a guest VMs comment or other fields would cause fence_rhevm to exit with an exception. In cluster environments, this could lead to preventing automated recovery or otherwise denying service to clusters of which that VM is a member.

Affected Software

Name Vendor Start Version End Version
Fence-agents Clusterlabs * 4.3.4 (excluding)
Red Hat Enterprise Linux 7 RedHat fence-agents-0:4.2.1-24.el7 *
Fence-agents Ubuntu cosmic *
Fence-agents Ubuntu disco *
Fence-agents Ubuntu eoan *
Fence-agents Ubuntu trusty *
Fence-agents Ubuntu upstream *

References

Aqua Security is the largest pure-play cloud native security company, providing customers the freedom to innovate and run their businesses with minimal friction. The Aqua Cloud Native Security Platform provides prevention, detection, and response automation across the entire application lifecycle to secure the build, secure cloud infrastructure and secure running workloads wherever they are deployed.
Copyright © 2024 Aqua Security Software Ltd.   Privacy Policy | Terms of Use