PT-2022-3718 · Apache · Apache Cloudstack

V3Ged0Ge · Published 2022-07-18 · Updated 2022-08-14 · CVE-2022-35741

CVSS v2.0: 10 (Critical)
Vector: AV:N/AC:L/Au:N/C:C/I:C/A:C
Name of the Vulnerable Software and Affected Versions: Apache CloudStack versions 4.5.0 and later

Description: The issue lies in the SAML 2.0 authentication Service Provider plugin of Apache CloudStack, which is vulnerable to XML external entity (XXE) injection. The plugin is not enabled by default, and the vulnerability can only be exploited when it has been enabled. The SAML 2.0 messages exchanged during the authentication flow are XML, and that XML is parsed by standard libraries whose default configuration resolves external entities. A crafted message can therefore lead to arbitrary file reading, denial of service, and server-side request forgery (SSRF) on the CloudStack management server.

Recommendations: For Apache CloudStack versions 4.5.0 and later, disable the SAML 2.0 authentication Service Provider plugin until a patch is available so that the XXE weakness cannot be reached. If the plugin cannot be disabled, restrict access to it to minimize the risk of exploitation, and avoid relying on it for authentication until the issue is resolved. At the time of writing, no information is available about a release containing a fix for this vulnerability.
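The root cause described above is a standard XML parser left in its default, entity-resolving configuration. As an added example that is not CloudStack's own code, the following shows the javax.xml DocumentBuilderFactory settings that close this class of bug on the JDK's built-in Xerces-based parser; the SAML fragments, the hypothetical SafeSamlXmlParser class and the entity path are constructed placeholders.

```java
import javax.xml.parsers.DocumentBuilder;
import javax.xml.parsers.DocumentBuilderFactory;
import javax.xml.parsers.ParserConfigurationException;
import org.w3c.dom.Document;
import org.xml.sax.InputSource;
import org.xml.sax.SAXException;
import java.io.IOException;
import java.io.StringReader;

// Hypothetical helper (not part of CloudStack) for parsing SAML responses without XXE exposure.
public class SafeSamlXmlParser {

    // A factory that refuses DOCTYPE declarations and never resolves external entities or DTDs.
    public static DocumentBuilderFactory hardenedFactory() throws ParserConfigurationException {
        DocumentBuilderFactory f = DocumentBuilderFactory.newInstance();
        f.setNamespaceAware(true); // SAML relies on namespaces; keep them
        // Rejecting any DOCTYPE is the single most effective setting: no DTD, no entity declarations.
        f.setFeature("http://apache.org/xml/features/disallow-doctype-decl", true);
        // Belt and braces for parsers that still accept a DOCTYPE.
        f.setFeature("http://xml.org/sax/features/external-general-entities", false);
        f.setFeature("http://xml.org/sax/features/external-parameter-entities", false);
        f.setFeature("http://apache.org/xml/features/nonvalidating/load-external-dtd", false);
        f.setXIncludeAware(false);
        f.setExpandEntityReferences(false);
        return f;
    }

    // Parses an incoming SAML message string with the hardened configuration.
    public static Document parse(String xml)
            throws ParserConfigurationException, SAXException, IOException {
        DocumentBuilder builder = hardenedFactory().newDocumentBuilder();
        return builder.parse(new InputSource(new StringReader(xml)));
    }

    public static void main(String[] args) throws Exception {
        // Constructed sample messages: a minimal SAML Response, and the same with a DOCTYPE
        // declaring an external entity (placeholder path, not a real target).
        String ns = "urn:oasis:names:tc:SAML:2.0:protocol";
        String benign = "<samlp:Response xmlns:samlp=\"" + ns + "\" ID=\"_abc\"/>";
        String withDoctype = "<!DOCTYPE r [<!ENTITY ext SYSTEM \"file:///placeholder/path\">]>"
                + "<samlp:Response xmlns:samlp=\"" + ns + "\">&ext;</samlp:Response>";

        System.out.println("benign root: " + parse(benign).getDocumentElement().getLocalName());
        try {
            parse(withDoctype);
            System.out.println("UNEXPECTED: DOCTYPE was accepted");
        } catch (SAXException e) {
            // With disallow-doctype-decl the parser stops before any entity is resolved.
            System.out.println("rejected DOCTYPE: " + e.getMessage());
        }
    }
}
```

The same feature set applies to SAXParserFactory and XMLInputFactory if the SAML library reads XML through those instead of DOM.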

Weakness Enumeration: XXE

Related Identifiers: BDU:2022-04506, CVE-2022-35741

Affected Products: Apache Cloudstack