cnvd - cnvd-2024-20837

cnvd-2024-20837

Vulnerability from cnvd

Title: Apache CloudStack安全绕过漏洞（CNVD-2024-20837）

Description:

Apache CloudStack是美国阿帕奇（Apache）基金会的一套基础架构即服务（IaaS）云计算平台。该平台主要用于部署和管理大型虚拟机网络。

Apache CloudStack存在安全绕过漏洞，该漏洞源于使用下载模板或ISO时遵循外部服务器提供的301 HTTP重定向，攻击者可利用该漏洞向受限或随机资源发出请求。

Severity: 中

Patch Name: Apache CloudStack安全绕过漏洞（CNVD-2024-20837）的补丁

Patch Description:

Apache CloudStack是美国阿帕奇（Apache）基金会的一套基础架构即服务（IaaS）云计算平台。该平台主要用于部署和管理大型虚拟机网络。

Apache CloudStack存在安全绕过漏洞，该漏洞源于使用下载模板或ISO时遵循外部服务器提供的301 HTTP重定向，攻击者可利用该漏洞向受限或随机资源发出请求。目前，供应商发布了安全公告及相关补丁信息，修复了此漏洞。

Formal description:

厂商已发布了漏洞修复程序，请及时关注更新： https://lists.apache.org/thread/82f46pv7mvh95ybto5hn8wlo6g8jhjvp

Reference: https://cxsecurity.com/cveshow/CVE-2024-29007/

Impacted products

Name
['Apache CloudStack 4.19.0.0', 'Apache CloudStack >=4.9.1.0，<=4.18.1.0']

Show details on source website

JSON

To clipboard

{
  "cves": {
    "cve": {
      "cveNumber": "CVE-2024-29007"
    }
  },
  "description": "Apache CloudStack\u662f\u7f8e\u56fd\u963f\u5e15\u5947\uff08Apache\uff09\u57fa\u91d1\u4f1a\u7684\u4e00\u5957\u57fa\u7840\u67b6\u6784\u5373\u670d\u52a1\uff08IaaS\uff09\u4e91\u8ba1\u7b97\u5e73\u53f0\u3002\u8be5\u5e73\u53f0\u4e3b\u8981\u7528\u4e8e\u90e8\u7f72\u548c\u7ba1\u7406\u5927\u578b\u865a\u62df\u673a\u7f51\u7edc\u3002\n\nApache CloudStack\u5b58\u5728\u5b89\u5168\u7ed5\u8fc7\u6f0f\u6d1e\uff0c\u8be5\u6f0f\u6d1e\u6e90\u4e8e\u4f7f\u7528\u4e0b\u8f7d\u6a21\u677f\u6216ISO\u65f6\u9075\u5faa\u5916\u90e8\u670d\u52a1\u5668\u63d0\u4f9b\u7684301 HTTP\u91cd\u5b9a\u5411\uff0c\u653b\u51fb\u8005\u53ef\u5229\u7528\u8be5\u6f0f\u6d1e\u5411\u53d7\u9650\u6216\u968f\u673a\u8d44\u6e90\u53d1\u51fa\u8bf7\u6c42\u3002",
  "formalWay": "\u5382\u5546\u5df2\u53d1\u5e03\u4e86\u6f0f\u6d1e\u4fee\u590d\u7a0b\u5e8f\uff0c\u8bf7\u53ca\u65f6\u5173\u6ce8\u66f4\u65b0\uff1a\r\nhttps://lists.apache.org/thread/82f46pv7mvh95ybto5hn8wlo6g8jhjvp",
  "isEvent": "\u901a\u7528\u8f6f\u786c\u4ef6\u6f0f\u6d1e",
  "number": "CNVD-2024-20837",
  "openTime": "2024-04-29",
  "patchDescription": "Apache CloudStack\u662f\u7f8e\u56fd\u963f\u5e15\u5947\uff08Apache\uff09\u57fa\u91d1\u4f1a\u7684\u4e00\u5957\u57fa\u7840\u67b6\u6784\u5373\u670d\u52a1\uff08IaaS\uff09\u4e91\u8ba1\u7b97\u5e73\u53f0\u3002\u8be5\u5e73\u53f0\u4e3b\u8981\u7528\u4e8e\u90e8\u7f72\u548c\u7ba1\u7406\u5927\u578b\u865a\u62df\u673a\u7f51\u7edc\u3002\r\n\r\nApache CloudStack\u5b58\u5728\u5b89\u5168\u7ed5\u8fc7\u6f0f\u6d1e\uff0c\u8be5\u6f0f\u6d1e\u6e90\u4e8e\u4f7f\u7528\u4e0b\u8f7d\u6a21\u677f\u6216ISO\u65f6\u9075\u5faa\u5916\u90e8\u670d\u52a1\u5668\u63d0\u4f9b\u7684301 HTTP\u91cd\u5b9a\u5411\uff0c\u653b\u51fb\u8005\u53ef\u5229\u7528\u8be5\u6f0f\u6d1e\u5411\u53d7\u9650\u6216\u968f\u673a\u8d44\u6e90\u53d1\u51fa\u8bf7\u6c42\u3002\u76ee\u524d\uff0c\u4f9b\u5e94\u5546\u53d1\u5e03\u4e86\u5b89\u5168\u516c\u544a\u53ca\u76f8\u5173\u8865\u4e01\u4fe1\u606f\uff0c\u4fee\u590d\u4e86\u6b64\u6f0f\u6d1e\u3002",
  "patchName": "Apache CloudStack\u5b89\u5168\u7ed5\u8fc7\u6f0f\u6d1e\uff08CNVD-2024-20837\uff09\u7684\u8865\u4e01",
  "products": {
    "product": [
      "Apache CloudStack 4.19.0.0",
      "Apache CloudStack \u003e=4.9.1.0\uff0c\u003c=4.18.1.0"
    ]
  },
  "referenceLink": "https://cxsecurity.com/cveshow/CVE-2024-29007/",
  "serverity": "\u4e2d",
  "submitTime": "2024-04-09",
  "title": "Apache CloudStack\u5b89\u5168\u7ed5\u8fc7\u6f0f\u6d1e\uff08CNVD-2024-20837\uff09"
}

CVE-2024-29007 (GCVE-0-2024-29007)

Vulnerability from cvelistv5

Published

2024-04-04 07:49

Modified

2024-11-12 18:07

Severity ?

CWE

CWE-918 - Server-Side Request Forgery (SSRF)

Summary

The CloudStack management server and secondary storage VM could be tricked into making requests to restricted or random resources by means of following 301 HTTP redirects presented by external servers when downloading templates or ISOs. Users are recommended to upgrade to version 4.18.1.1 or 4.19.0.1, which fixes this issue.

References

▼	URL	Tags
	https://lists.apache.org/thread/82f46pv7mvh95ybto5hn8wlo6g8jhjvp	vendor-advisory

Impacted products

	Vendor	Product	Version
	Apache Software Foundation	Apache CloudStack	Version: 4.9.1.0 ≤ 4.18.1.0 Version: 4.19.0.0

Show details on NVD website

JSON

To clipboard

{
  "containers": {
    "adp": [
      {
        "affected": [
          {
            "cpes": [
              "cpe:2.3:a:apache:cloudstack:*:*:*:*:*:*:*:*"
            ],
            "defaultStatus": "unknown",
            "product": "cloudstack",
            "vendor": "apache",
            "versions": [
              {
                "lessThanOrEqual": "4.18.1.0",
                "status": "affected",
                "version": "4.9.1.0",
                "versionType": "custom"
              },
              {
                "status": "affected",
                "version": "4.19.0.0"
              }
            ]
          }
        ],
        "metrics": [
          {
            "cvssV3_1": {
              "attackComplexity": "LOW",
              "attackVector": "NETWORK",
              "availabilityImpact": "LOW",
              "baseScore": 7.3,
              "baseSeverity": "HIGH",
              "confidentialityImpact": "LOW",
              "integrityImpact": "LOW",
              "privilegesRequired": "NONE",
              "scope": "UNCHANGED",
              "userInteraction": "NONE",
              "vectorString": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:L/I:L/A:L",
              "version": "3.1"
            }
          },
          {
            "other": {
              "content": {
                "id": "CVE-2024-29007",
                "options": [
                  {
                    "Exploitation": "none"
                  },
                  {
                    "Automatable": "yes"
                  },
                  {
                    "Technical Impact": "partial"
                  }
                ],
                "role": "CISA Coordinator",
                "timestamp": "2024-11-12T18:07:51.461959Z",
                "version": "2.0.3"
              },
              "type": "ssvc"
            }
          }
        ],
        "providerMetadata": {
          "dateUpdated": "2024-11-12T18:07:54.494Z",
          "orgId": "134c704f-9b21-4f2e-91b3-4a467353bcc0",
          "shortName": "CISA-ADP"
        },
        "title": "CISA ADP Vulnrichment"
      },
      {
        "providerMetadata": {
          "dateUpdated": "2024-08-02T01:03:51.463Z",
          "orgId": "af854a3a-2127-422b-91ae-364da2661108",
          "shortName": "CVE"
        },
        "references": [
          {
            "tags": [
              "vendor-advisory",
              "x_transferred"
            ],
            "url": "https://lists.apache.org/thread/82f46pv7mvh95ybto5hn8wlo6g8jhjvp"
          }
        ],
        "title": "CVE Program Container"
      }
    ],
    "cna": {
      "affected": [
        {
          "defaultStatus": "unaffected",
          "product": "Apache CloudStack",
          "vendor": "Apache Software Foundation",
          "versions": [
            {
              "lessThanOrEqual": "4.18.1.0",
              "status": "affected",
              "version": "4.9.1.0",
              "versionType": "semver"
            },
            {
              "status": "affected",
              "version": "4.19.0.0"
            }
          ]
        }
      ],
      "credits": [
        {
          "lang": "en",
          "type": "finder",
          "value": "Yuyang Xiao \u003csuperxyyang@gmail.com\u003e"
        }
      ],
      "descriptions": [
        {
          "lang": "en",
          "supportingMedia": [
            {
              "base64": false,
              "type": "text/html",
              "value": "\u003cdiv\u003eThe CloudStack management server and secondary storage VM could be tricked into making requests to restricted or random resources by means of following 301 HTTP redirects presented by external servers when downloading templates or ISOs. Users are recommended to upgrade to version 4.18.1.1 or 4.19.0.1, which fixes this issue.\u003c/div\u003e"
            }
          ],
          "value": "The CloudStack management server and secondary storage VM could be tricked into making requests to restricted or random resources by means of following 301 HTTP redirects presented by external servers when downloading templates or ISOs. Users are recommended to upgrade to version 4.18.1.1 or 4.19.0.1, which fixes this issue.\n\n"
        }
      ],
      "metrics": [
        {
          "other": {
            "content": {
              "text": "moderate"
            },
            "type": "Textual description of severity"
          }
        }
      ],
      "problemTypes": [
        {
          "descriptions": [
            {
              "cweId": "CWE-918",
              "description": "CWE-918 Server-Side Request Forgery (SSRF)",
              "lang": "en",
              "type": "CWE"
            }
          ]
        }
      ],
      "providerMetadata": {
        "dateUpdated": "2024-04-04T07:49:57.831Z",
        "orgId": "f0158376-9dc2-43b6-827c-5f631a4d8d09",
        "shortName": "apache"
      },
      "references": [
        {
          "tags": [
            "vendor-advisory"
          ],
          "url": "https://lists.apache.org/thread/82f46pv7mvh95ybto5hn8wlo6g8jhjvp"
        }
      ],
      "source": {
        "discovery": "EXTERNAL"
      },
      "title": "Apache CloudStack: When downloading templates or ISOs, the management server and SSVM follow HTTP redirects with potentially dangerous consequences",
      "x_generator": {
        "engine": "Vulnogram 0.1.0-dev"
      }
    }
  },
  "cveMetadata": {
    "assignerOrgId": "f0158376-9dc2-43b6-827c-5f631a4d8d09",
    "assignerShortName": "apache",
    "cveId": "CVE-2024-29007",
    "datePublished": "2024-04-04T07:49:57.831Z",
    "dateReserved": "2024-03-13T22:58:54.736Z",
    "dateUpdated": "2024-11-12T18:07:54.494Z",
    "state": "PUBLISHED"
  },
  "dataType": "CVE_RECORD",
  "dataVersion": "5.1"
}

Sightings

Author	Source	Type	Date

Nomenclature

Seen: The vulnerability was mentioned, discussed, or seen somewhere by the user.
Confirmed: The vulnerability is confirmed from an analyst perspective.
Exploited: This vulnerability was exploited and seen by the user reporting the sighting.
Patched: This vulnerability was successfully patched by the user reporting the sighting.
Not exploited: This vulnerability was not exploited or seen by the user reporting the sighting.
Not confirmed: The user expresses doubt about the veracity of the vulnerability.
Not patched: This vulnerability was not successfully patched by the user reporting the sighting.

Action not permitted