9 results

CVSS: 8.5 • EPSS: 0% • CPEs: 2 • EXPL: 0

12 Nov 2024 — Account users in Apache CloudStack by default are allowed to register templates to be downloaded directly to the primary storage for deploying instances. Due to missing validation checks for KVM-compatible templates in CloudStack 4.0.0 through 4.18.2.4 and 4.19.0.0 through 4.19.1.2, an attacker who can register templates can use them to deploy malicious instances on KVM-based environments and exploit this to gain access to the host filesystems that could result in the compromise of resource integrity and ... • https://cloudstack.apache.org/blog/security-release-advisory-4.18.2.5-4.19.1.3 • CWE-20: Improper Input Validation

CVSS: 8.5 • EPSS: 0% • CPEs: 2 • EXPL: 0

16 Oct 2024 — Account users in Apache CloudStack by default are allowed to upload and register templates for deploying instances and volumes for attaching them as data disks to their existing instances. Due to missing validation checks for KVM-compatible templates or volumes in CloudStack 4.0.0 through 4.18.2.3 and 4.19.0.0 through 4.19.1.1, an attacker who can upload or register templates and volumes can use them to deploy malicious instances or attach uploaded volumes to their existing instances on KVM-based environm... • https://cloudstack.apache.org/blog/security-release-advisory-4.18.2.4-4.19.1.2 • CWE-20: Improper Input Validation • CWE-116: Improper Encoding or Escaping of Output

CVSS: 7.1 • EPSS: 0% • CPEs: 2 • EXPL: 0

16 Oct 2024 — The logout operation in the CloudStack web interface does not expire the user session completely; the session remains valid until expiry by time or restart of the backend service. An attacker who has access to a user's browser can use an unexpired session to gain access to resources owned by the logged-out user account. This issue affects Apache CloudStack from 4.15.1.0 through 4.18.2.3; and from 4.19.0.0 through 4.19.1.1. Users are recommended to upgrade to Apache CloudStack 4.18.2.4 or 4.19.1.2, or later, which addr... • https://cloudstack.apache.org/blog/security-release-advisory-4.18.2.4-4.19.1.2 • CWE-613: Insufficient Session Expiration

CVSS: 10.0 • EPSS: 0% • CPEs: 2 • EXPL: 0

16 Oct 2024 — Users logged into the Apache CloudStack web interface can be tricked into submitting malicious CSRF requests due to missing validation of the origin of the requests. This can allow an attacker to gain privileges and access to resources of the authenticated users and may lead to account takeover, disruption, exposure of sensitive data and compromise of the integrity of the resources owned by the user account that are managed by the platform. This issue affects Apache CloudStack from 4.15.1.0 through 4.18.2.3 and 4.19.0... • https://cloudstack.apache.org/blog/security-release-advisory-4.18.2.4-4.19.1.2 • CWE-352: Cross-Site Request Forgery (CSRF)

CVSS: 8.3 • EPSS: 1% • CPEs: 2 • EXPL: 0

07 Aug 2024 — CloudStack account-users by default use username and password based authentication for API and UI access. Account-users can generate and register randomised API and secret keys and use them for the purpose of API-based automation and integrations. Due to an access permission validation issue that affects Apache CloudStack versions 4.10.0 up to 4.19.1.0, domain admin accounts were found to be able to query all registered account-users' API and secret keys in an environment, including those of a root admin. An ... • https://cloudstack.apache.org/blog/security-release-advisory-4.19.1.1-4.18.2.3 • CWE-863: Incorrect Authorization

CVSS: 8.1 • EPSS: 92% • CPEs: 2 • EXPL: 1

19 Jul 2024 — The CloudStack SAML authentication (disabled by default) does not enforce a signature check. In CloudStack environments where SAML authentication is enabled, an attacker who initiates CloudStack SAML single sign-on authentication can bypass SAML authentication by submitting a spoofed SAML response with no signature and known or guessed username and other user details of a SAML-enabled CloudStack user-account. In such environments, this can result in a complete compromise of the resources owned and/or accessi... • https://github.com/d0rb/CVE-2024-41107 • CWE-290: Authentication Bypass by Spoofing

CVSS: 6.4 • EPSS: 0% • CPEs: 2 • EXPL: 0

04 Apr 2024 — A problem has been identified in the CloudStack additional VM configuration (extraconfig) feature which can be misused by anyone who has privilege to deploy a VM instance or configure settings of an already deployed VM instance, to configure additional VM configuration even when the feature is not explicitly enabled by the administrator. In a KVM-based CloudStack environment, an attacker can exploit this issue to attach host devices such as storage disks, and PCI and USB devices such as network adapters and... • https://lists.apache.org/thread/82f46pv7mvh95ybto5hn8wlo6g8jhjvp • CWE-20: Improper Input Validation

CVSS: 7.5 • EPSS: 0% • CPEs: 2 • EXPL: 0

04 Apr 2024 — The CloudStack management server and secondary storage VM could be tricked into making requests to restricted or random resources by means of following 301 HTTP redirects presented by external servers when downloading templates or ISOs. Users are recommended to upgrade to version 4.18.1.1 or 4.19.0.1, which fixes this issue. • https://lists.apache.org/thread/82f46pv7mvh95ybto5hn8wlo6g8jhjvp • CWE-918: Server-Side Request Forgery (SSRF)

CVSS: 9.8 • EPSS: 0% • CPEs: 2 • EXPL: 0

04 Apr 2024 — By default the CloudStack management server honours the x-forwarded-for HTTP header and logs it as the source IP of an API request. This could lead to authentication bypass and other operational problems should an attacker decide to spoof their IP address this way. Users are recommended to upgrade to CloudStack version 4.18.1.1 or 4.19.0.1, which fixes this issue. • https://lists.apache.org/thread/82f46pv7mvh95ybto5hn8wlo6g8jhjvp • CWE-290: Authentication Bypass by Spoofing