CVE-2024-29007

  1. OpenCVE
  2. Vulnerabilities (CVE)
  3. CVE-2024-29007
The CloudStack management server and secondary storage VM could be tricked into making requests to restricted or random resources by means of following 301 HTTP redirects presented by external servers when downloading templates or ISOs. Users are recommended to upgrade to version 4.18.1.1 or 4.19.0.1, which fixes this issue.

7.3 /10

CVSS v3 : HIGH

V3 Legend

Vector :

Exploitability : 3.9 / Impact : 3.4

Attack Vector NETWORK

Attack Complexity LOW

Privileges Required NONE

User Interaction NONE

Confidentiality Impact LOW

Integrity Impact LOW

Availability Impact LOW

Scope UNCHANGED

References
Link Resource
https://lists.apache.org/thread/82f46pv7mvh95ybto5hn8wlo6g8jhjvp
Configurations

No configuration.

History

12 Nov 2024, 18:35

Type Values Removed Values Added
CVSS v2 : unknown
v3 : unknown 		v2 : unknown
v3 : 7.3
Summary
  • (es) Se podría engañar al servidor de administración de CloudStack y a la máquina virtual de almacenamiento secundario para que realicen solicitudes a recursos restringidos o aleatorios mediante las siguientes redirecciones HTTP 301 presentadas por servidores externos al descargar plantillas o ISO. Se recomienda a los usuarios actualizar a la versión 4.18.1.1 o 4.19.0.1, que soluciona este problema.

04 Apr 2024, 08:15

Type Values Removed Values Added
New CVE
Information

Published : 2024-04-04 08:15

Updated : 2024-11-12 18:35

NVD link : CVE-2024-29007

Mitre link : CVE-2024-29007

CVE.ORG link : CVE-2024-29007

JSON object : View

Products Affected

No product.

CWE
CWE-918

Server-Side Request Forgery (SSRF)


NetmanageIT Website NetmanageIT OSINT Web NetmanageIT OpenCTI NetmanageIT PDF Tools NetmanageIT CTO Corner Blog NetmanageIT Email Header Analyzer NetmanageIT Password Pusher NetmanageIT Internet Health and Latency Dashboard NetmanageIT Dedicated Speed Test Site NetmanageIT Ubuntu Mirror 10Gbps Copyright OpenCVE 2024