cnvd - cnvd-2022-76241

cnvd-2022-76241

Vulnerability from cnvd

Title: Apache CloudStack安全特征问题漏洞

Description:

Apache CloudStack是美国阿帕奇（Apache）基金会的一套基础架构即服务（IaaS）云计算平台。该平台主要用于部署和管理大型虚拟机网络。

Apache CloudStack 4.16.1.0之前版本存在安全特征问题漏洞，该漏洞源于Apache CloudStack不安全的随机数生成影响项目电子邮件邀请。攻击者可利用该漏洞攻击者成具有时间确定性的令牌，并在合法接收方接受邀请之前使用这些令牌。

Severity: 中

Patch Name: Apache CloudStack安全特征问题漏洞的补丁

Patch Description:

Apache CloudStack是美国阿帕奇（Apache）基金会的一套基础架构即服务（IaaS）云计算平台。该平台主要用于部署和管理大型虚拟机网络。

Apache CloudStack 4.16.1.0之前版本存在安全特征问题漏洞，该漏洞源于Apache CloudStack不安全的随机数生成影响项目电子邮件邀请。攻击者可利用该漏洞攻击者成具有时间确定性的令牌，并在合法接收方接受邀请之前使用这些令牌。目前，供应商发布了安全公告及相关补丁信息，修复了此漏洞。

Formal description:

厂商已发布了漏洞修复程序，请及时关注更新： http://www.openwall.com/lists/oss-security/2022/03/15/1

Reference: https://github.com/JLLeitschuh/security-research/security/advisories/GHSA-vpcc-9rh2-8jfp

Impacted products

Name
Apache Apache CloudStack <4.16.1.0

Show details on source website

JSON

To clipboard

{
  "cves": {
    "cve": {
      "cveNumber": "CVE-2022-26779",
      "cveUrl": "https://nvd.nist.gov/vuln/detail/CVE-2022-26779"
    }
  },
  "description": "Apache CloudStack\u662f\u7f8e\u56fd\u963f\u5e15\u5947\uff08Apache\uff09\u57fa\u91d1\u4f1a\u7684\u4e00\u5957\u57fa\u7840\u67b6\u6784\u5373\u670d\u52a1\uff08IaaS\uff09\u4e91\u8ba1\u7b97\u5e73\u53f0\u3002\u8be5\u5e73\u53f0\u4e3b\u8981\u7528\u4e8e\u90e8\u7f72\u548c\u7ba1\u7406\u5927\u578b\u865a\u62df\u673a\u7f51\u7edc\u3002\n\nApache CloudStack 4.16.1.0\u4e4b\u524d\u7248\u672c\u5b58\u5728\u5b89\u5168\u7279\u5f81\u95ee\u9898\u6f0f\u6d1e\uff0c\u8be5\u6f0f\u6d1e\u6e90\u4e8eApache CloudStack\u4e0d\u5b89\u5168\u7684\u968f\u673a\u6570\u751f\u6210\u5f71\u54cd\u9879\u76ee\u7535\u5b50\u90ae\u4ef6\u9080\u8bf7\u3002\u653b\u51fb\u8005\u53ef\u5229\u7528\u8be5\u6f0f\u6d1e\u653b\u51fb\u8005\u6210\u5177\u6709\u65f6\u95f4\u786e\u5b9a\u6027\u7684\u4ee4\u724c\uff0c\u5e76\u5728\u5408\u6cd5\u63a5\u6536\u65b9\u63a5\u53d7\u9080\u8bf7\u4e4b\u524d\u4f7f\u7528\u8fd9\u4e9b\u4ee4\u724c\u3002",
  "formalWay": "\u5382\u5546\u5df2\u53d1\u5e03\u4e86\u6f0f\u6d1e\u4fee\u590d\u7a0b\u5e8f\uff0c\u8bf7\u53ca\u65f6\u5173\u6ce8\u66f4\u65b0\uff1a\r\nhttp://www.openwall.com/lists/oss-security/2022/03/15/1",
  "isEvent": "\u901a\u7528\u8f6f\u786c\u4ef6\u6f0f\u6d1e",
  "number": "CNVD-2022-76241",
  "openTime": "2022-11-11",
  "patchDescription": "Apache CloudStack\u662f\u7f8e\u56fd\u963f\u5e15\u5947\uff08Apache\uff09\u57fa\u91d1\u4f1a\u7684\u4e00\u5957\u57fa\u7840\u67b6\u6784\u5373\u670d\u52a1\uff08IaaS\uff09\u4e91\u8ba1\u7b97\u5e73\u53f0\u3002\u8be5\u5e73\u53f0\u4e3b\u8981\u7528\u4e8e\u90e8\u7f72\u548c\u7ba1\u7406\u5927\u578b\u865a\u62df\u673a\u7f51\u7edc\u3002\r\n\r\nApache CloudStack 4.16.1.0\u4e4b\u524d\u7248\u672c\u5b58\u5728\u5b89\u5168\u7279\u5f81\u95ee\u9898\u6f0f\u6d1e\uff0c\u8be5\u6f0f\u6d1e\u6e90\u4e8eApache CloudStack\u4e0d\u5b89\u5168\u7684\u968f\u673a\u6570\u751f\u6210\u5f71\u54cd\u9879\u76ee\u7535\u5b50\u90ae\u4ef6\u9080\u8bf7\u3002\u653b\u51fb\u8005\u53ef\u5229\u7528\u8be5\u6f0f\u6d1e\u653b\u51fb\u8005\u6210\u5177\u6709\u65f6\u95f4\u786e\u5b9a\u6027\u7684\u4ee4\u724c\uff0c\u5e76\u5728\u5408\u6cd5\u63a5\u6536\u65b9\u63a5\u53d7\u9080\u8bf7\u4e4b\u524d\u4f7f\u7528\u8fd9\u4e9b\u4ee4\u724c\u3002\u76ee\u524d\uff0c\u4f9b\u5e94\u5546\u53d1\u5e03\u4e86\u5b89\u5168\u516c\u544a\u53ca\u76f8\u5173\u8865\u4e01\u4fe1\u606f\uff0c\u4fee\u590d\u4e86\u6b64\u6f0f\u6d1e\u3002",
  "patchName": "Apache CloudStack\u5b89\u5168\u7279\u5f81\u95ee\u9898\u6f0f\u6d1e\u7684\u8865\u4e01",
  "products": {
    "product": "Apache Apache CloudStack \u003c4.16.1.0"
  },
  "referenceLink": "https://github.com/JLLeitschuh/security-research/security/advisories/GHSA-vpcc-9rh2-8jfp",
  "serverity": "\u4e2d",
  "submitTime": "2022-03-21",
  "title": "Apache CloudStack\u5b89\u5168\u7279\u5f81\u95ee\u9898\u6f0f\u6d1e"
}

CVE-2022-26779 (GCVE-0-2022-26779)

Vulnerability from cvelistv5

Published

2022-03-15 15:40

Modified

2024-08-03 05:11

Severity ?

CWE

anonymous invite can be used by anyone

Summary

Apache CloudStack prior to 4.16.1.0 used insecure random number generation for project invitation tokens. If a project invite is created based only on an email address, a random token is generated. An attacker with knowledge of the project ID and the fact that the invite is sent, could generate time deterministic tokens and brute force attempt to use them prior to the legitimate receiver accepting the invite. This feature is not enabled by default, the attacker is required to know or guess the project ID for the invite in addition to the invitation token, and the attacker would need to be an existing authorized user of CloudStack.

References

▼	URL	Tags
	https://lists.apache.org/thread/dmm07b1cyosovqr12ddhkko501p11h2h	x_refsource_MISC
	https://github.com/JLLeitschuh/security-research/security/advisories/GHSA-vpcc-9rh2-8jfp	x_refsource_MISC
	http://www.openwall.com/lists/oss-security/2022/03/15/1	mailing-list, x_refsource_MLIST

Impacted products

	Vendor	Product	Version
	Apache Software Foundation	Apache CloudStack	Version: Apache CloudStack < 4.16.1

Show details on NVD website

JSON

To clipboard

{
  "containers": {
    "adp": [
      {
        "providerMetadata": {
          "dateUpdated": "2024-08-03T05:11:45.092Z",
          "orgId": "af854a3a-2127-422b-91ae-364da2661108",
          "shortName": "CVE"
        },
        "references": [
          {
            "tags": [
              "x_refsource_MISC",
              "x_transferred"
            ],
            "url": "https://lists.apache.org/thread/dmm07b1cyosovqr12ddhkko501p11h2h"
          },
          {
            "tags": [
              "x_refsource_MISC",
              "x_transferred"
            ],
            "url": "https://github.com/JLLeitschuh/security-research/security/advisories/GHSA-vpcc-9rh2-8jfp"
          },
          {
            "name": "[oss-security] 20220315 CVE-2022-26779: Apache Cloudstack insecure random number generation affects project email invitation",
            "tags": [
              "mailing-list",
              "x_refsource_MLIST",
              "x_transferred"
            ],
            "url": "http://www.openwall.com/lists/oss-security/2022/03/15/1"
          }
        ],
        "title": "CVE Program Container"
      }
    ],
    "cna": {
      "affected": [
        {
          "product": "Apache CloudStack",
          "vendor": "Apache Software Foundation",
          "versions": [
            {
              "lessThan": "4.16.1",
              "status": "affected",
              "version": "Apache CloudStack",
              "versionType": "custom"
            }
          ]
        }
      ],
      "credits": [
        {
          "lang": "en",
          "value": "This issue was reported by Jonathan Leitschuh"
        }
      ],
      "descriptions": [
        {
          "lang": "en",
          "value": "Apache CloudStack prior to 4.16.1.0 used insecure random number generation for project invitation tokens. If a project invite is created based only on an email address, a random token is generated. An attacker with knowledge of the project ID and the fact that the invite is sent, could generate time deterministic tokens and brute force attempt to use them prior to the legitimate receiver accepting the invite. This feature is not enabled by default, the attacker is required to know or guess the project ID for the invite in addition to the invitation token, and the attacker would need to be an existing authorized user of CloudStack."
        }
      ],
      "metrics": [
        {
          "other": {
            "content": {
              "other": "low"
            },
            "type": "unknown"
          }
        }
      ],
      "problemTypes": [
        {
          "descriptions": [
            {
              "description": "anonymous invite can be used by anyone",
              "lang": "en",
              "type": "text"
            }
          ]
        }
      ],
      "providerMetadata": {
        "dateUpdated": "2022-03-15T17:06:15",
        "orgId": "f0158376-9dc2-43b6-827c-5f631a4d8d09",
        "shortName": "apache"
      },
      "references": [
        {
          "tags": [
            "x_refsource_MISC"
          ],
          "url": "https://lists.apache.org/thread/dmm07b1cyosovqr12ddhkko501p11h2h"
        },
        {
          "tags": [
            "x_refsource_MISC"
          ],
          "url": "https://github.com/JLLeitschuh/security-research/security/advisories/GHSA-vpcc-9rh2-8jfp"
        },
        {
          "name": "[oss-security] 20220315 CVE-2022-26779: Apache Cloudstack insecure random number generation affects project email invitation",
          "tags": [
            "mailing-list",
            "x_refsource_MLIST"
          ],
          "url": "http://www.openwall.com/lists/oss-security/2022/03/15/1"
        }
      ],
      "source": {
        "discovery": "UNKNOWN"
      },
      "title": "Apache Cloudstack insecure random number generation affects project email invitation",
      "x_generator": {
        "engine": "Vulnogram 0.0.9"
      },
      "x_legacyV4Record": {
        "CVE_data_meta": {
          "ASSIGNER": "security@apache.org",
          "ID": "CVE-2022-26779",
          "STATE": "PUBLIC",
          "TITLE": "Apache Cloudstack insecure random number generation affects project email invitation"
        },
        "affects": {
          "vendor": {
            "vendor_data": [
              {
                "product": {
                  "product_data": [
                    {
                      "product_name": "Apache CloudStack",
                      "version": {
                        "version_data": [
                          {
                            "version_affected": "\u003c",
                            "version_name": "Apache CloudStack",
                            "version_value": "4.16.1"
                          }
                        ]
                      }
                    }
                  ]
                },
                "vendor_name": "Apache Software Foundation"
              }
            ]
          }
        },
        "credit": [
          {
            "lang": "eng",
            "value": "This issue was reported by Jonathan Leitschuh"
          }
        ],
        "data_format": "MITRE",
        "data_type": "CVE",
        "data_version": "4.0",
        "description": {
          "description_data": [
            {
              "lang": "eng",
              "value": "Apache CloudStack prior to 4.16.1.0 used insecure random number generation for project invitation tokens. If a project invite is created based only on an email address, a random token is generated. An attacker with knowledge of the project ID and the fact that the invite is sent, could generate time deterministic tokens and brute force attempt to use them prior to the legitimate receiver accepting the invite. This feature is not enabled by default, the attacker is required to know or guess the project ID for the invite in addition to the invitation token, and the attacker would need to be an existing authorized user of CloudStack."
            }
          ]
        },
        "generator": {
          "engine": "Vulnogram 0.0.9"
        },
        "impact": [
          {
            "other": "low"
          }
        ],
        "problemtype": {
          "problemtype_data": [
            {
              "description": [
                {
                  "lang": "eng",
                  "value": "anonymous invite can be used by anyone"
                }
              ]
            }
          ]
        },
        "references": {
          "reference_data": [
            {
              "name": "https://lists.apache.org/thread/dmm07b1cyosovqr12ddhkko501p11h2h",
              "refsource": "MISC",
              "url": "https://lists.apache.org/thread/dmm07b1cyosovqr12ddhkko501p11h2h"
            },
            {
              "name": "https://github.com/JLLeitschuh/security-research/security/advisories/GHSA-vpcc-9rh2-8jfp",
              "refsource": "MISC",
              "url": "https://github.com/JLLeitschuh/security-research/security/advisories/GHSA-vpcc-9rh2-8jfp"
            },
            {
              "name": "[oss-security] 20220315 CVE-2022-26779: Apache Cloudstack insecure random number generation affects project email invitation",
              "refsource": "MLIST",
              "url": "http://www.openwall.com/lists/oss-security/2022/03/15/1"
            }
          ]
        },
        "source": {
          "discovery": "UNKNOWN"
        }
      }
    }
  },
  "cveMetadata": {
    "assignerOrgId": "f0158376-9dc2-43b6-827c-5f631a4d8d09",
    "assignerShortName": "apache",
    "cveId": "CVE-2022-26779",
    "datePublished": "2022-03-15T15:40:11",
    "dateReserved": "2022-03-09T00:00:00",
    "dateUpdated": "2024-08-03T05:11:45.092Z",
    "state": "PUBLISHED"
  },
  "dataType": "CVE_RECORD",
  "dataVersion": "5.1"
}

Sightings

Author	Source	Type	Date

Nomenclature

Seen: The vulnerability was mentioned, discussed, or seen somewhere by the user.
Confirmed: The vulnerability is confirmed from an analyst perspective.
Exploited: This vulnerability was exploited and seen by the user reporting the sighting.
Patched: This vulnerability was successfully patched by the user reporting the sighting.
Not exploited: This vulnerability was not exploited or seen by the user reporting the sighting.
Not confirmed: The user expresses doubt about the veracity of the vulnerability.
Not patched: This vulnerability was not successfully patched by the user reporting the sighting.

Action not permitted