CVE-2019-3879 is a vulnerability in oVirt's REST API that allows users with low privileges to delete disks connected to guests. This page covers its impact, the mitigation steps and the necessary updates.
An issue was found in oVirt's REST API in versions prior to 4.3.2.1: RemoveDiskCommand is executed internally, bypassing the necessary permission validation against the user making the request. A user with lower privileges (such as Basic Operations) could exploit this to delete disks that are connected to guests.
Understanding CVE-2019-3879
CVE-2019-3879 affects ovirt-engine version 4.3.2.1.
What is CVE-2019-3879?
CVE-2019-3879 is a vulnerability in oVirt's REST API where a user with low privileges can delete disks connected to guests because permission validation is missing.
The Impact of CVE-2019-3879
The impact of this vulnerability is rated as MEDIUM with a CVSS base score of 6.5. The availability impact is HIGH, allowing users with low privileges to delete disks.
Technical Details of CVE-2019-3879
This section provides technical details of the CVE-2019-3879 vulnerability.
Vulnerability Description
The vulnerability arises because oVirt's REST API executes RemoveDiskCommand internally, which bypasses the necessary permission validation against the user making the request.
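The flaw class described above, as an added example that is not oVirt's code: a simplified Python model in which an API handler dispatches a disk-removal command through an internal, unvalidated path, next to a handler that runs it through the user-bound path, plus an audit check that flags the difference. The Engine class, its method names, the DiskAdmin role and the disk ids are hypothetical; only the Basic Operations role name comes from the page.

```python
# Simplified model of the flaw class; NOT oVirt code. All names are hypothetical.
from dataclasses import dataclass, field

class PermissionDenied(Exception):
    """Raised when the requesting role lacks the action."""

@dataclass
class Engine:
    # Constructed sample data: role -> permitted actions, plus a disk inventory.
    role_actions: dict = field(default_factory=lambda: {
        "BasicOperations": {"view_vm"},
        "DiskAdmin": {"view_vm", "remove_disk"},
    })
    disks: set = field(default_factory=lambda: {"disk-a", "disk-b"})
    audit: list = field(default_factory=list)

    def _check(self, role, action):
        if action not in self.role_actions.get(role, set()):
            self.audit.append(("DENIED", role, action))
            raise PermissionDenied(f"{role} may not {action}")

    def run_action(self, role, action, target):
        """User-facing path: validate the caller's role, then execute."""
        self._check(role, action)
        return self.run_internal(action, target, on_behalf_of=role)

    def run_internal(self, action, target, on_behalf_of="system"):
        """Internal path: treated as trusted, performs NO permission validation."""
        if action == "remove_disk":
            self.disks.discard(target)
        self.audit.append(("EXECUTED", on_behalf_of, action))
        return True

def api_delete_disk_vulnerable(engine, role, disk_id):
    # Flawed handler: dispatches internally, so the caller's role is never checked.
    return engine.run_internal("remove_disk", disk_id, on_behalf_of=role)

def api_delete_disk_fixed(engine, role, disk_id):
    # Hardened handler: the command runs through the validated, user-bound path.
    return engine.run_action(role, "remove_disk", disk_id)

def unauthorized_executions(engine):
    """Audit check: executed actions that the acting role was never granted."""
    return [(who, act) for status, who, act in engine.audit
            if status == "EXECUTED" and who != "system"
            and act not in engine.role_actions.get(who, set())]
```

The same audit comparison (who executed an action versus what their role grants) is the check that surfaces this kind of bypass after the fact, since the flawed path produces no denial event.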
Affected Systems and Versions
Exploitation Mechanism
Mitigation and Prevention
To address CVE-2019-3879, follow these mitigation and prevention steps:
Immediate Steps to Take
Long-Term Security Practices
Patching and Updates