CVSS2
Attack Vector
NETWORK
Attack Complexity
MEDIUM
Authentication
NONE
Confidentiality Impact
NONE
Integrity Impact
PARTIAL
Availability Impact
NONE
AV:N/AC:M/Au:N/C:N/I:P/A:N
CVSS3
Attack Vector
NETWORK
Attack Complexity
HIGH
Privileges Required
NONE
User Interaction
NONE
Scope
CHANGED
Confidentiality Impact
NONE
Integrity Impact
HIGH
Availability Impact
NONE
CVSS:3.1/AV:N/AC:H/PR:N/UI:N/S:C/C:N/I:H/A:N
AI Score
Confidence
High
EPSS
Percentile
76.1%
CentOS Errata and Security Advisory CESA-2020:5003
The fence-agents packages provide a collection of scripts for handling remote power management for cluster devices. They allow failed or unreachable nodes to be forcibly restarted and removed from the cluster.
Security Fix(es):
For more details about the security issue(s), including the impact, a CVSS score, acknowledgments, and other related information, refer to the CVE page(s) listed in the References section.
Bug Fix(es):
fence_lpar: Long username, HMC hostname, or managed system name causes failures [RHEL 7] (BZ#1860545)
InstanceHA does not evacuate instances created with private flavor in tenant project (RHEL7) (BZ#1862024)
Merged security bulletin from advisories:
https://lists.centos.org/pipermail/centos-announce/2020-November/085987.html
Affected packages:
fence-agents-aliyun
fence-agents-all
fence-agents-amt-ws
fence-agents-apc
fence-agents-apc-snmp
fence-agents-aws
fence-agents-azure-arm
fence-agents-bladecenter
fence-agents-brocade
fence-agents-cisco-mds
fence-agents-cisco-ucs
fence-agents-common
fence-agents-compute
fence-agents-drac5
fence-agents-eaton-snmp
fence-agents-emerson
fence-agents-eps
fence-agents-gce
fence-agents-heuristics-ping
fence-agents-hpblade
fence-agents-ibmblade
fence-agents-ifmib
fence-agents-ilo-moonshot
fence-agents-ilo-mp
fence-agents-ilo-ssh
fence-agents-ilo2
fence-agents-intelmodular
fence-agents-ipdu
fence-agents-ipmilan
fence-agents-kdump
fence-agents-lpar
fence-agents-mpath
fence-agents-redfish
fence-agents-rhevm
fence-agents-rsa
fence-agents-rsb
fence-agents-sbd
fence-agents-scsi
fence-agents-virsh
fence-agents-vmware-rest
fence-agents-vmware-soap
fence-agents-wti
Upstream details at:
https://access.redhat.com/errata/RHSA-2020:5003
CVSS2
Attack Vector
NETWORK
Attack Complexity
MEDIUM
Authentication
NONE
Confidentiality Impact
NONE
Integrity Impact
PARTIAL
Availability Impact
NONE
AV:N/AC:M/Au:N/C:N/I:P/A:N
CVSS3
Attack Vector
NETWORK
Attack Complexity
HIGH
Privileges Required
NONE
User Interaction
NONE
Scope
CHANGED
Confidentiality Impact
NONE
Integrity Impact
HIGH
Availability Impact
NONE
CVSS:3.1/AV:N/AC:H/PR:N/UI:N/S:C/C:N/I:H/A:N
AI Score
Confidence
High
EPSS
Percentile
76.1%