CVE-2024-45693

Name of the Vulnerable Software and Affected Versions: Apache CloudStack versions 4.15.1.0 through 4.18.2.3 Apache CloudStack versions 4.19.0.0 through 4.19.1.1

Description: The issue allows attackers to trick users logged into the Apache CloudStack's web interface into submitting malicious CSRF requests due to missing validation of the origin of the requests. This can lead to account takeover, disruption, exposure of sensitive data, and compromise of the integrity of resources owned by the user account managed by the platform.

Recommendations: For Apache CloudStack versions 4.15.1.0 through 4.18.2.3, upgrade to Apache CloudStack 4.18.2.4 or later. For Apache CloudStack versions 4.19.0.0 through 4.19.1.1, upgrade to Apache CloudStack 4.19.1.2 or later. As a temporary workaround, consider restricting access to the web interface to minimize the risk of exploitation.