cnvd - cnvd-2024-41662

cnvd-2024-41662

Vulnerability from cnvd

Title: Apache CloudStack代码问题漏洞

Description:

Apache CloudStack是美国阿帕奇（Apache）基金会的一套基础架构即服务（IaaS）云计算平台。该平台主要用于部署和管理大型虚拟机网络。

Apache CloudStack存在安全漏洞，该漏洞源于用户登出后会话未完全失效，拥有用户浏览器访问权限的攻击者可利用该漏洞在会话过期前访问已登出用户账户的资源。

Severity: 中

Patch Name: Apache CloudStack代码问题漏洞的补丁

Patch Description:

Apache CloudStack是美国阿帕奇（Apache）基金会的一套基础架构即服务（IaaS）云计算平台。该平台主要用于部署和管理大型虚拟机网络。

Apache CloudStack存在安全漏洞，该漏洞源于用户登出后会话未完全失效，拥有用户浏览器访问权限的攻击者可利用该漏洞在会话过期前访问已登出用户账户的资源。目前，供应商发布了安全公告及相关补丁信息，修复了此漏洞。

Formal description:

厂商已发布了漏洞修复程序，请及时关注更新： https://lists.apache.org/thread/ktsfjcnj22x4kg49ctock3d9tq7jnvlo

Reference: https://cxsecurity.com/cveshow/CVE-2024-45462/

Impacted products

Name
['Apache Apache CloudStack >=4.19.0.0，<=4.19.1.1', 'Apache Apache CloudStack >=4.15.10，<=4.18.2.3']

Show details on source website

JSON

To clipboard

{
  "cves": {
    "cve": {
      "cveNumber": "CVE-2024-45462",
      "cveUrl": "https://nvd.nist.gov/vuln/detail/CVE-2024-45462"
    }
  },
  "description": "Apache CloudStack\u662f\u7f8e\u56fd\u963f\u5e15\u5947\uff08Apache\uff09\u57fa\u91d1\u4f1a\u7684\u4e00\u5957\u57fa\u7840\u67b6\u6784\u5373\u670d\u52a1\uff08IaaS\uff09\u4e91\u8ba1\u7b97\u5e73\u53f0\u3002\u8be5\u5e73\u53f0\u4e3b\u8981\u7528\u4e8e\u90e8\u7f72\u548c\u7ba1\u7406\u5927\u578b\u865a\u62df\u673a\u7f51\u7edc\u3002\n\nApache CloudStack\u5b58\u5728\u5b89\u5168\u6f0f\u6d1e\uff0c\u8be5\u6f0f\u6d1e\u6e90\u4e8e\u7528\u6237\u767b\u51fa\u540e\u4f1a\u8bdd\u672a\u5b8c\u5168\u5931\u6548\uff0c\u62e5\u6709\u7528\u6237\u6d4f\u89c8\u5668\u8bbf\u95ee\u6743\u9650\u7684\u653b\u51fb\u8005\u53ef\u5229\u7528\u8be5\u6f0f\u6d1e\u5728\u4f1a\u8bdd\u8fc7\u671f\u524d\u8bbf\u95ee\u5df2\u767b\u51fa\u7528\u6237\u8d26\u6237\u7684\u8d44\u6e90\u3002",
  "formalWay": "\u5382\u5546\u5df2\u53d1\u5e03\u4e86\u6f0f\u6d1e\u4fee\u590d\u7a0b\u5e8f\uff0c\u8bf7\u53ca\u65f6\u5173\u6ce8\u66f4\u65b0\uff1a\r\nhttps://lists.apache.org/thread/ktsfjcnj22x4kg49ctock3d9tq7jnvlo",
  "isEvent": "\u901a\u7528\u8f6f\u786c\u4ef6\u6f0f\u6d1e",
  "number": "CNVD-2024-41662",
  "openTime": "2024-10-25",
  "patchDescription": "Apache CloudStack\u662f\u7f8e\u56fd\u963f\u5e15\u5947\uff08Apache\uff09\u57fa\u91d1\u4f1a\u7684\u4e00\u5957\u57fa\u7840\u67b6\u6784\u5373\u670d\u52a1\uff08IaaS\uff09\u4e91\u8ba1\u7b97\u5e73\u53f0\u3002\u8be5\u5e73\u53f0\u4e3b\u8981\u7528\u4e8e\u90e8\u7f72\u548c\u7ba1\u7406\u5927\u578b\u865a\u62df\u673a\u7f51\u7edc\u3002\r\n\r\nApache CloudStack\u5b58\u5728\u5b89\u5168\u6f0f\u6d1e\uff0c\u8be5\u6f0f\u6d1e\u6e90\u4e8e\u7528\u6237\u767b\u51fa\u540e\u4f1a\u8bdd\u672a\u5b8c\u5168\u5931\u6548\uff0c\u62e5\u6709\u7528\u6237\u6d4f\u89c8\u5668\u8bbf\u95ee\u6743\u9650\u7684\u653b\u51fb\u8005\u53ef\u5229\u7528\u8be5\u6f0f\u6d1e\u5728\u4f1a\u8bdd\u8fc7\u671f\u524d\u8bbf\u95ee\u5df2\u767b\u51fa\u7528\u6237\u8d26\u6237\u7684\u8d44\u6e90\u3002\u76ee\u524d\uff0c\u4f9b\u5e94\u5546\u53d1\u5e03\u4e86\u5b89\u5168\u516c\u544a\u53ca\u76f8\u5173\u8865\u4e01\u4fe1\u606f\uff0c\u4fee\u590d\u4e86\u6b64\u6f0f\u6d1e\u3002",
  "patchName": "Apache CloudStack\u4ee3\u7801\u95ee\u9898\u6f0f\u6d1e\u7684\u8865\u4e01",
  "products": {
    "product": [
      "Apache Apache CloudStack \u003e=4.19.0.0\uff0c\u003c=4.19.1.1",
      "Apache Apache CloudStack \u003e=4.15.10\uff0c\u003c=4.18.2.3"
    ]
  },
  "referenceLink": "https://cxsecurity.com/cveshow/CVE-2024-45462/",
  "serverity": "\u4e2d",
  "submitTime": "2024-10-23",
  "title": "Apache CloudStack\u4ee3\u7801\u95ee\u9898\u6f0f\u6d1e"
}

CVE-2024-45462 (GCVE-0-2024-45462)

Vulnerability from cvelistv5

Published

2024-10-16 07:53

Modified

2024-10-16 14:54

Severity ?

6.3 (Medium) - CVSS:3.1/AV:L/AC:H/PR:N/UI:R/S:U/C:H/I:H/A:N

CWE

CWE-613 - Insufficient Session Expiration

Summary

The logout operation in the CloudStack web interface does not expire the user session completely which is valid until expiry by time or restart of the backend service. An attacker that has access to a user's browser can use an unexpired session to gain access to resources owned by the logged out user account. This issue affects Apache CloudStack from 4.15.1.0 through 4.18.2.3; and from 4.19.0.0 through 4.19.1.1. Users are recommended to upgrade to Apache CloudStack 4.18.2.4 or 4.19.1.2, or later, which addresses this issue.

References

▼	URL	Tags
	https://cloudstack.apache.org/blog/security-release-advisory-4.18.2.4-4.19.1.2	vendor-advisory, patch
	https://lists.apache.org/thread/ktsfjcnj22x4kg49ctock3d9tq7jnvlo	mailing-list
	https://cloudstack.apache.org/blog/security-release-advisory-4.18.2.4-4.19.1.2	third-party-advisory

Impacted products

	Vendor	Product	Version
	Apache Software Foundation	Apache CloudStack	Version: 4.15.1.0 ≤ 4.18.2.3 Version: 4.19.0.0 ≤ 4.19.1.1

Show details on NVD website

JSON

To clipboard

{
  "containers": {
    "adp": [
      {
        "providerMetadata": {
          "dateUpdated": "2024-10-16T08:03:42.134Z",
          "orgId": "af854a3a-2127-422b-91ae-364da2661108",
          "shortName": "CVE"
        },
        "references": [
          {
            "url": "http://www.openwall.com/lists/oss-security/2024/10/15/4"
          }
        ],
        "title": "CVE Program Container"
      },
      {
        "affected": [
          {
            "cpes": [
              "cpe:2.3:a:apache_software_foundation:apache_cloudstack:*:*:*:*:*:*:*:*"
            ],
            "defaultStatus": "unknown",
            "product": "apache_cloudstack",
            "vendor": "apache_software_foundation",
            "versions": [
              {
                "lessThanOrEqual": "4.18.2.3",
                "status": "affected",
                "version": "4.15.1.0",
                "versionType": "semver"
              },
              {
                "lessThanOrEqual": "4.19.1.1",
                "status": "affected",
                "version": "4.19.0.0",
                "versionType": "semver"
              }
            ]
          }
        ],
        "metrics": [
          {
            "other": {
              "content": {
                "id": "CVE-2024-45462",
                "options": [
                  {
                    "Exploitation": "none"
                  },
                  {
                    "Automatable": "no"
                  },
                  {
                    "Technical Impact": "total"
                  }
                ],
                "role": "CISA Coordinator",
                "timestamp": "2024-10-16T14:51:40.647741Z",
                "version": "2.0.3"
              },
              "type": "ssvc"
            }
          }
        ],
        "providerMetadata": {
          "dateUpdated": "2024-10-16T14:54:34.977Z",
          "orgId": "134c704f-9b21-4f2e-91b3-4a467353bcc0",
          "shortName": "CISA-ADP"
        },
        "title": "CISA ADP Vulnrichment"
      }
    ],
    "cna": {
      "affected": [
        {
          "defaultStatus": "unaffected",
          "product": "Apache CloudStack",
          "vendor": "Apache Software Foundation",
          "versions": [
            {
              "lessThanOrEqual": "4.18.2.3",
              "status": "affected",
              "version": "4.15.1.0",
              "versionType": "semver"
            },
            {
              "lessThanOrEqual": "4.19.1.1",
              "status": "affected",
              "version": "4.19.0.0",
              "versionType": "semver"
            }
          ]
        }
      ],
      "credits": [
        {
          "lang": "en",
          "type": "reporter",
          "value": "Arthur Souza"
        },
        {
          "lang": "en",
          "type": "reporter",
          "value": "Felipe Olivaes"
        }
      ],
      "descriptions": [
        {
          "lang": "en",
          "supportingMedia": [
            {
              "base64": false,
              "type": "text/html",
              "value": "\u003cdiv\u003eThe logout operation in the CloudStack web interface does not expire the user session completely which is valid until expiry by time or restart of the backend service. An attacker that has access to a user\u0027s browser can use an unexpired session to gain access to resources owned by the logged out user account. This issue affects Apache CloudStack from 4.15.1.0 through 4.18.2.3; and from 4.19.0.0 through 4.19.1.1.\u003c/div\u003e\u003cdiv\u003e\u003cbr\u003e\u003c/div\u003e\u003cdiv\u003e\u003cspan style=\"background-color: rgb(252, 252, 252);\"\u003eUsers are recommended to upgrade to Apache CloudStack 4.18.2.4 or 4.19.1.2, or later, which addresses this issue.\u003c/span\u003e\u003c/div\u003e"
            }
          ],
          "value": "The logout operation in the CloudStack web interface does not expire the user session completely which is valid until expiry by time or restart of the backend service. An attacker that has access to a user\u0027s browser can use an unexpired session to gain access to resources owned by the logged out user account. This issue affects Apache CloudStack from 4.15.1.0 through 4.18.2.3; and from 4.19.0.0 through 4.19.1.1.\n\n\n\n\nUsers are recommended to upgrade to Apache CloudStack 4.18.2.4 or 4.19.1.2, or later, which addresses this issue."
        }
      ],
      "metrics": [
        {
          "other": {
            "content": {
              "text": "moderate"
            },
            "type": "Textual description of severity"
          }
        },
        {
          "cvssV3_1": {
            "attackComplexity": "HIGH",
            "attackVector": "LOCAL",
            "availabilityImpact": "NONE",
            "baseScore": 6.3,
            "baseSeverity": "MEDIUM",
            "confidentialityImpact": "HIGH",
            "integrityImpact": "HIGH",
            "privilegesRequired": "NONE",
            "scope": "UNCHANGED",
            "userInteraction": "REQUIRED",
            "vectorString": "CVSS:3.1/AV:L/AC:H/PR:N/UI:R/S:U/C:H/I:H/A:N",
            "version": "3.1"
          },
          "format": "CVSS",
          "scenarios": [
            {
              "lang": "en",
              "value": "GENERAL"
            }
          ]
        }
      ],
      "problemTypes": [
        {
          "descriptions": [
            {
              "cweId": "CWE-613",
              "description": "CWE-613 Insufficient Session Expiration",
              "lang": "en",
              "type": "CWE"
            }
          ]
        }
      ],
      "providerMetadata": {
        "dateUpdated": "2024-10-16T07:53:40.129Z",
        "orgId": "f0158376-9dc2-43b6-827c-5f631a4d8d09",
        "shortName": "apache"
      },
      "references": [
        {
          "tags": [
            "vendor-advisory",
            "patch"
          ],
          "url": "https://cloudstack.apache.org/blog/security-release-advisory-4.18.2.4-4.19.1.2"
        },
        {
          "tags": [
            "mailing-list"
          ],
          "url": "https://lists.apache.org/thread/ktsfjcnj22x4kg49ctock3d9tq7jnvlo"
        },
        {
          "tags": [
            "third-party-advisory"
          ],
          "url": "https://cloudstack.apache.org/blog/security-release-advisory-4.18.2.4-4.19.1.2"
        }
      ],
      "source": {
        "discovery": "UNKNOWN"
      },
      "title": "Apache CloudStack: Incomplete session invalidation on web interface logout",
      "x_generator": {
        "engine": "Vulnogram 0.1.0-dev"
      }
    }
  },
  "cveMetadata": {
    "assignerOrgId": "f0158376-9dc2-43b6-827c-5f631a4d8d09",
    "assignerShortName": "apache",
    "cveId": "CVE-2024-45462",
    "datePublished": "2024-10-16T07:53:40.129Z",
    "dateReserved": "2024-08-29T08:57:32.948Z",
    "dateUpdated": "2024-10-16T14:54:34.977Z",
    "state": "PUBLISHED"
  },
  "dataType": "CVE_RECORD",
  "dataVersion": "5.1"
}

Sightings

Author	Source	Type	Date

Nomenclature

Seen: The vulnerability was mentioned, discussed, or seen somewhere by the user.
Confirmed: The vulnerability is confirmed from an analyst perspective.
Exploited: This vulnerability was exploited and seen by the user reporting the sighting.
Patched: This vulnerability was successfully patched by the user reporting the sighting.
Not exploited: This vulnerability was not exploited or seen by the user reporting the sighting.
Not confirmed: The user expresses doubt about the veracity of the vulnerability.
Not patched: This vulnerability was not successfully patched by the user reporting the sighting.

Action not permitted