Clusterlabs: >> Fence-Agents Security Vulnerabilities
In fence-agents before 4.0.17 does not verify remote SSL certificates in the fence_cisco_ucs.py script which can potentially allow for man-in-the-middle attackers to spoof SSL servers via arbitrary SSL certificates.
CVSS Score
5.9
EPSS Score
0.002
Published
2020-01-02
A flaw was discovered in fence-agents, prior to version 4.3.4, where using non-ASCII characters in a guest VM's comment or other fields would cause fence_rhevm to exit with an exception. In cluster environments, this could lead to preventing automated recovery or otherwise denying service to clusters of which that VM is a member.
CVSS Score
5.0
EPSS Score
0.002
Published
2019-07-30