PT-2024-22666 · Apache · Cloudstack
Yuyang Xiao · Published 2024-04-04 · Updated 2025-09-02

| CVE | CVE-2024-29007 |
| CVSS v3.1 | 7.3 (High) |
| Vector | AV:N/AC:L/PR:N/UI:N/S:U/C:L/I:L/A:L |
Name of the Vulnerable Software and Affected Versions
CloudStack versions prior to 4.18.1.1
CloudStack versions prior to 4.19.0.1
Description
The CloudStack management server and the secondary storage VM could be tricked into making requests to restricted or arbitrary resources, because they follow HTTP 301 redirects returned by external servers when downloading templates or ISOs.
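The class of weakness described above is a download client that validates the initial URL but then follows a 301 redirect to wherever the external server points. The added example below (not CloudStack's own code) shows the defensive pattern: every hop of a redirect chain is re-checked against a scheme allowlist and a public-address policy before it is requested. The sample hosts, addresses and the in-memory `fetch` and `resolver` callables are constructed for the demonstration.

```python
import ipaddress
from urllib.parse import urljoin, urlparse

def validate_download_url(url, resolver):
    """Raise ValueError unless url is http(s) and every IP it points at is public.
    resolver(host) -> set of IP strings (a real one wraps socket.getaddrinfo)."""
    p = urlparse(url)
    if p.scheme not in ("http", "https") or not p.hostname:
        raise ValueError(f"unsupported URL: {url!r}")
    try:
        ipaddress.ip_address(p.hostname)  # literal IP needs no lookup
        addrs = {p.hostname}
    except ValueError:
        addrs = resolver(p.hostname)
    if not addrs:
        raise ValueError(f"{p.hostname!r} did not resolve")
    for ip in map(ipaddress.ip_address, addrs):
        # Reject RFC 1918, loopback, link-local, multicast, reserved, unspecified.
        if (ip.is_private or ip.is_loopback or ip.is_link_local
                or ip.is_multicast or ip.is_reserved or ip.is_unspecified):
            raise ValueError(f"{p.hostname!r} points at non-public address {ip}")
    return addrs

def fetch_checked(url, fetch, resolver):
    """Follow redirects but re-validate EVERY hop. fetch(url) -> (status, location,
    body). A real client must also connect to the validated IP (DNS rebinding)."""
    for _ in range(6):  # the initial request plus at most 5 redirects
        validate_download_url(url, resolver)
        status, location, body = fetch(url)
        if status not in (301, 302, 303, 307, 308):
            return url, body
        if not location:
            raise ValueError("redirect without Location header")
        url = urljoin(url, location)  # handles relative Location values too
    raise ValueError("too many redirects")

# Constructed sample data (no real hosts): one mirror redirects to an RFC 1918 address.
SAMPLE_DNS = {"mirror.example.test": {"93.184.216.10"}, "cdn.example.test": {"93.184.216.20"}}
SAMPLE_HTTP = {
    "http://mirror.example.test/bad.iso": (301, "http://10.0.0.5/internal/", None),
    "http://mirror.example.test/good.iso": (301, "https://cdn.example.test/good.iso", None),
    "https://cdn.example.test/good.iso": (200, None, b"ISO-BYTES"),
}

def download(url):
    try:
        final, _body = fetch_checked(url, SAMPLE_HTTP.__getitem__, SAMPLE_DNS.__getitem__)
        return "ok", final
    except ValueError as exc:
        return "blocked", str(exc)
```

`download()` returns `("ok", final_url)` for the legitimate chain and `("blocked", reason)` when a hop points at a non-public address; the same check should be applied to the final resolved address at connect time, not only to the URL.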
Recommendations
For versions prior to 4.18.1.1, upgrade to version 4.18.1.1 to fix the issue.
For versions prior to 4.19.0.1, upgrade to version 4.19.0.1 to fix the issue.
Fix
SSRF
Link Following
Related Identifiers
Affected Products
Cloudstack