CVE-2024-21545
Descriptions
Proxmox Virtual Environment is an open-source server management platform for enterprise virtualization. Insufficient safeguards against malicious API response values allow authenticated attackers with 'Sys.Audit' or 'VM.Monitor' privileges to download arbitrary host files via the API.
Before returning a request handler's result to the user, the handle_api2_request function checks the response object for a 'download' key, either at the top level or under 'data'->'download'. If one is present, handle_api2_request reads the local file that object names and returns it to the user.
Two endpoints were identified whose request handlers return an object the caller can shape enough to define a user-controlled 'download' object. This results in arbitrary file read.
The privileges under which this file read runs mean it can lead to full compromise of the system, for example by disclosing sensitive files that enable privileged session forgery.
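As an added illustration (not Proxmox code), the following Python models the response-handling pattern the description covers: the weak variant reads whatever file a handler result names under 'download', while the hardened one only honours download objects from API methods that explicitly opt in and whose path resolves inside a declared directory. The method registry, the `download_allowed` flag, the directory layout and the file contents are all constructed for this example.

```python
import os
import tempfile

def extract_download(result):
    # 'download' may be top-level or under 'data', the two places the advisory names.
    dl = result.get("download")
    if dl is None and isinstance(result.get("data"), dict):
        dl = result["data"].get("download")
    return dl if isinstance(dl, dict) else None
def serve_weak(result):
    # Vulnerable pattern: any 'download' object makes the server read that file.
    dl = extract_download(result)
    if dl is None:
        return result
    with open(dl["path"], "rb") as fh:
        return fh.read()
def serve_hardened(method, methods, result):
    # Hardened: method must opt in via download_allowed (constructed flag) and the path must stay in download_dir.
    dl = extract_download(result)
    if dl is None:
        return result
    spec = methods.get(method, {})
    if not spec.get("download_allowed"):
        raise PermissionError("%s may not return a download object" % method)
    base = os.path.realpath(spec["download_dir"])
    target = os.path.realpath(dl["path"])
    if os.path.commonpath([base, target]) != base:
        raise PermissionError("download path escapes %s" % base)
    with open(target, "rb") as fh:
        return fh.read()

def demo():
    # Constructed scenario: a secret outside the permitted log directory, a task log inside it.
    root = tempfile.mkdtemp()
    logs = os.path.join(root, "logs")
    os.mkdir(logs)
    secret, log = os.path.join(root, "secret.key"), os.path.join(logs, "task.log")
    for path, text in ((secret, "SESSION-SIGNING-KEY"), (log, "task ok")):
        with open(path, "w") as fh:
            fh.write(text)
    methods = {"/tasks/log": {"download_allowed": True, "download_dir": logs},
               "/other": {"download_allowed": False}}
    out = {"weak": serve_weak({"data": {"download": {"path": secret}}})}
    for case, m, p in (("not_opted_in", "/other", secret),
                       ("outside_dir", "/tasks/log", secret), ("legit", "/tasks/log", log)):
        try:
            out[case] = serve_hardened(m, methods, {"download": {"path": p}})
        except PermissionError:
            out[case] = "denied"
    return out
```

`demo()` returns the secret's contents for the weak server and "denied" for both hardened misuse cases, while the legitimate in-directory log is still served.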
SSVC
- Decision: Track*
Timeline
- 2023-12-22 CVE Reserved
- 2024-09-24 CVE Published
- 2024-09-25 CVE Updated
- 2024-09-25 EPSS Updated
- ---------- Exploited in Wild
- ---------- KEV Due Date
- ---------- First Exploit
CWE
- CWE-73: External Control of File Name or Path
Affected Vendors, Products, and Versions
Vendor | Product | Version | Status
---|---|---|---
Proxmox | Pve-manager | < 7.4-19 | Affected
Proxmox | Pve-manager | >= 8.0.0 < 8.2.7 | Affected
Proxmox | Libpve-storage-perl | < 7.4-4 | Affected
Proxmox | Libpve-storage-perl | >= 8.0.0 < 8.2.5 | Affected
Proxmox | Libpve-http-server-perl | >= 3.2-1.0 < 4.3.0 | Affected
Proxmox | Libpve-http-server-perl | >= 5.0.0 < 5.1.1 | Affected
Proxmox | Pmg-api | < 7.3-12 | Affected
Proxmox | Pmg-api | >= 8.0.0 < 8.1.4 | Affected
Proxmox | Libpve-common-perl (Proxmox VE 8) | < 8.2.3 | Affected
Proxmox | Libpve-common-perl (Proxmox Mail Gateway 8) | < 8.2.5 | Affected