{"id":"CVE-2019-3831","details":"A vulnerability was discovered in vdsm, version 4.19 through 4.30.3 and 4.30.5 through 4.30.8. The systemd_run function exposed to the vdsm system user could be abused to execute arbitrary commands as root.","modified":"2026-05-18T05:50:44.580343545Z","published":"2019-03-25T18:29:00.933Z","database_specific":{"unresolved_ranges":[{"cpes":["cpe:2.3:a:redhat:gluster_storage:3.0:*:*:*:*:*:*:*"],"extracted_events":[{"last_affected":"3.0"}],"vendor_product":"redhat:gluster_storage","source":"CPE_FIELD"}]},"references":[{"type":"FIX","url":"https://bugzilla.redhat.com/show_bug.cgi?id=CVE-2019-3831"}],"affected":[{"ranges":[{"type":"GIT","repo":"https://github.com/ovirt/vdsm","events":[{"introduced":"0"},{"last_affected":"61e4716cf3e13f3fd9547a9d8be776a593803f32"},{"introduced":"0d9505b561b9d03b02fac49fbf9cc509787b91b2"},{"last_affected":"a2dc14e05cd08e7307ecfee22097b85696089bf2"}],"database_specific":{"cpe":"cpe:2.3:a:ovirt:vdsm:*:*:*:*:*:*:*:*","extracted_events":[{"introduced":"4.19"},{"last_affected":"4.30.3"},{"introduced":"4.30.5"},{"last_affected":"4.30.8"}],"source":"CPE_FIELD"}}],"versions":["v4.30.8","v4.30.7","v4.30.6","v4.30.5","v4.30.3","v4.30.2","v4.30.1","v4.30.0","v4.20.17","v4.20.16","v4.20.15","v4.20.14","v4.20.13","v4.20.12","v4.20.11","v4.20.10","v4.20.9","v4.20.8","v4.20.7","v4.20.6","v4.20.5","v4.20.4","v4.20.3","v4.20.2","v4.20.1","v4.20.0","v4.19.1","v4.18.999","v4.18.1","v4.18.0","v4.17.999","v4.17.2","v4.17.1","v4.17.0","v4.16.0","v4.15.0","v4.14.1","v4.14.0","v4.13.0","v4.12.0","v4.12.0-rc3","v4.12.0-rc2","v4.12.0-rc1","v4.11.0","v4.10.3","v4.10.2","v4.10.1","v4.10.0","v4.9.6","v4.9.4","v4.9.2","v4.9.1","v4.9.0"],"database_specific":{"source":"https://storage.googleapis.com/osv-test-cve-osv-conversion/osv-output/CVE-2019-3831.json"}}],"schema_version":"1.7.5","severity":[{"type":"CVSS_V3","score":"CVSS:3.1/AV:L/AC:L/PR:H/UI:N/S:U/C:H/I:H/A:H"}]}