The CloudStack management server and secondary storage VM could be tricked into making requests to restricted or random resources by means of following 301 HTTP redirects presented by external servers when downloading templates or ISOs. Users are recommended to upgrade to version 4.18.1.1 or 4.19.0.1, which fixes this issue.
References
Configurations
No configuration.
History
12 Nov 2024, 18:35
Type | Values Removed | Values Added |
---|---|---|
Summary |
|
|
CVSS |
v2 : v3 : |
v2 : unknown
v3 : 7.3 |
04 Apr 2024, 08:15
Type | Values Removed | Values Added |
---|---|---|
New CVE |
Information
Published : 2024-04-04 08:15
Updated : 2024-11-12 18:35
NVD link : CVE-2024-29007
Mitre link : CVE-2024-29007
CVE.ORG link : CVE-2024-29007
JSON object : View
Products Affected
No product.
CWE
CWE-918
Server-Side Request Forgery (SSRF)