{
  "threat_severity" : "Moderate",
  "public_date" : "2019-02-14T00:00:00Z",
  "bugzilla" : {
    "description" : "vdsm: privilege escalation to root via systemd_run",
    "id" : "1677108",
    "url" : "https://bugzilla.redhat.com/show_bug.cgi?id=1677108"
  },
  "cvss3" : {
    "cvss3_base_score" : "6.4",
    "cvss3_scoring_vector" : "CVSS:3.0/AV:L/AC:H/PR:H/UI:N/S:U/C:H/I:H/A:H",
    "status" : "verified"
  },
  "cwe" : "CWE-863",
  "details" : [ "A vulnerability was discovered in vdsm, versions 4.19 through 4.30.3 and 4.30.5 through 4.30.8. The systemd_run function exposed to the vdsm system user could be abused to execute arbitrary commands as root.", "A vulnerability was discovered in vdsm, versions 4.19 through 4.30.3 and 4.30.5 through 4.30.8. The systemd_run function exposed to the vdsm system user could be abused to execute arbitrary commands as root." ],
  "affected_release" : [ {
    "product_name" : "Red Hat Gluster Storage 3.4 for RHEL 7",
    "release_date" : "2019-07-30T00:00:00Z",
    "advisory" : "RHBA-2019:1965",
    "cpe" : "cpe:/a:redhat:storage:3.4:server:el7",
    "package" : "ioprocess-0:1.1.2-1.el7ev"
  }, {
    "product_name" : "Red Hat Gluster Storage 3.4 for RHEL 7",
    "release_date" : "2019-07-30T00:00:00Z",
    "advisory" : "RHBA-2019:1965",
    "cpe" : "cpe:/a:redhat:storage:3.4:server:el7",
    "package" : "safelease-0:1.0-7.el7ev"
  }, {
    "product_name" : "Red Hat Gluster Storage 3.4 for RHEL 7",
    "release_date" : "2019-07-30T00:00:00Z",
    "advisory" : "RHBA-2019:1965",
    "cpe" : "cpe:/a:redhat:storage:3.4:server:el7",
    "package" : "vdsm-0:4.30.18-1.0.el7rhgs"
  }, {
    "product_name" : "Red Hat Virtualization 4 for Red Hat Enterprise Linux 7",
    "release_date" : "2019-03-05T00:00:00Z",
    "advisory" : "RHSA-2019:0457",
    "cpe" : "cpe:/o:redhat:enterprise_linux:7::hypervisor",
    "package" : "redhat-release-virtualization-host-0:4.2-8.3.el7"
  }, {
    "product_name" : "Red Hat Virtualization 4 for Red Hat Enterprise Linux 7",
    "release_date" : "2019-03-05T00:00:00Z",
    "advisory" : "RHSA-2019:0457",
    "cpe" : "cpe:/o:redhat:enterprise_linux:7::hypervisor",
    "package" : "redhat-virtualization-host-0:4.2-20190219.0.el7_6"
  }, {
    "product_name" : "Red Hat Virtualization 4 for Red Hat Enterprise Linux 7",
    "release_date" : "2019-03-05T00:00:00Z",
    "advisory" : "RHSA-2019:0458",
    "cpe" : "cpe:/o:redhat:enterprise_linux:7::hypervisor",
    "package" : "vdsm-0:4.20.47-1.el7ev"
  } ],
  "references" : [ "https://www.cve.org/CVERecord?id=CVE-2019-3831\nhttps://nvd.nist.gov/vuln/detail/CVE-2019-3831" ],
  "name" : "CVE-2019-3831",
  "csaw" : false
}