{"resultsPerPage":1,"startIndex":0,"totalResults":1,"format":"NVD_CVE","version":"2.0","timestamp":"2026-04-20T21:10:15.042","vulnerabilities":[{"cve":{"id":"CVE-2024-5651","sourceIdentifier":"secalert@redhat.com","published":"2024-08-12T13:38:37.863","lastModified":"2026-04-15T00:35:42.020","vulnStatus":"Deferred","cveTags":[],"descriptions":[{"lang":"en","value":"A flaw was found in the Fence Agents Remediation operator. This vulnerability can allow a Remote Code Execution (RCE) primitive by supplying an arbitrary command to execute in the --ssh-path/--telnet-path arguments. A low-privilege user, for example, a user with developer access, can create a specially crafted FenceAgentsRemediation for a fence agent supporting  --ssh-path/--telnet-path arguments to execute arbitrary commands on the operator's pod. This RCE leads to a privilege escalation, first as the service account running the operator, then to another service account with cluster-admin privileges."},{"lang":"es","value":"Se encontró una falla en los agentes de valla que dependen de SSH/Telnet. Esta vulnerabilidad puede permitir una primitiva de ejecución remota de código (RCE) al proporcionar un comando arbitrario para ejecutar en los argumentos --ssh-path/--telnet-path. Un usuario con pocos privilegios, por ejemplo, un usuario con acceso de desarrollador, puede crear un FenceAgentsRemediation especialmente manipulado para que un agente de valla admita argumentos --ssh-path/--telnet-path para ejecutar comandos arbitrarios en el módulo del operador. Este RCE conduce a una escalada de privilegios, primero como la cuenta de servicio que ejecuta el operador y luego a otra cuenta de servicio con privilegios de administrador del clúster."}],"metrics":{"cvssMetricV31":[{"source":"secalert@redhat.com","type":"Secondary","cvssData":{"version":"3.1","vectorString":"CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H","baseScore":8.8,"baseSeverity":"HIGH","attackVector":"NETWORK","attackComplexity":"LOW","privilegesRequired":"LOW","userInteraction":"NONE","scope":"UNCHANGED","confidentialityImpact":"HIGH","integrityImpact":"HIGH","availabilityImpact":"HIGH"},"exploitabilityScore":2.8,"impactScore":5.9}]},"weaknesses":[{"source":"secalert@redhat.com","type":"Secondary","description":[{"lang":"en","value":"CWE-94"}]}],"references":[{"url":"https://access.redhat.com/errata/RHSA-2024:5453","source":"secalert@redhat.com"},{"url":"https://access.redhat.com/security/cve/CVE-2024-5651","source":"secalert@redhat.com"},{"url":"https://bugzilla.redhat.com/show_bug.cgi?id=2290540","source":"secalert@redhat.com"}]}}]}