PT-2024-5029 · Apache · Apache Cloudstack

Adam Pond +3

Published 2024-07-19 · Updated 2025-02-21

CVE-2024-41107

CVSS v2.0: 10.0 (High)
Vector: AV:N/AC:L/Au:N/C:C/I:C/A:C
Name of the Vulnerable Software and Affected Versions:
Apache CloudStack versions 4.5.0 through 4.18.2.1
Apache CloudStack versions 4.19.0.0 through 4.19.0.2
Description: The SAML authentication mechanism in Apache CloudStack (disabled by default) does not enforce a signature check on incoming SAML responses. In a deployment where the SAML plugin is enabled, an attacker can bypass authentication by submitting a spoofed SAML response that carries no signature at all, together with the known or guessed username and other user details of a SAML-enabled CloudStack user account. Because the service provider then accepts the unsigned assertion as if the identity provider had issued it, the attacker obtains a session for that account, which means complete compromise of the resources owned by and/or accessible to the SAML-enabled account. Deployments that never enabled SAML are not affected, but should still upgrade before enabling it.
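The control-flow mistake behind this bypass, shown as an added, constructed example that is not Apache CloudStack's code: the vulnerable service-provider logic only verifies a signature when the client bothered to send one, so an unsigned response with a guessed NameID logs the attacker in, while the hardened logic refuses any response that lacks a verified signature. A real SAML SP verifies an XML-DSig (typically RSA-SHA256 over the canonicalised Assertion) against the IdP certificate from its metadata; here an HMAC over the serialised Assertion stands in for that so the script runs with the standard library only. The key `IDP_KEY`, the user table `KNOWN_USERS` and the `*_login` helpers are assumptions made for the illustration.

```python
"""Unsigned-SAML-response bypass: vulnerable vs. hardened acceptance logic.

Constructed example, not Apache CloudStack code. An HMAC over the serialised
<saml:Assertion> stands in for the IdP's XML-DSig; the point being shown is
that a missing signature must never count as a valid one.
"""
import hashlib
import hmac
import xml.etree.ElementTree as ET

NS = {
    "samlp": "urn:oasis:names:tc:SAML:2.0:protocol",
    "saml": "urn:oasis:names:tc:SAML:2.0:assertion",
    "ds": "http://www.w3.org/2000/09/xmldsig#",
}
for _prefix, _uri in NS.items():        # keep prefixes stable when re-serialising
    ET.register_namespace(_prefix, _uri)

IDP_KEY = b"demo-idp-signing-key"                # stand-in for the IdP key (assumption)
KNOWN_USERS = {"alice@example.org": "alice"}     # SAML-enabled accounts (constructed)


def canonical_assertion(response_el):
    """Bytes the signature covers: the serialised <saml:Assertion> subtree."""
    assertion = response_el.find("saml:Assertion", NS)
    if assertion is None:
        raise ValueError("no Assertion in Response")
    return ET.tostring(assertion, encoding="unicode").encode()


def build_response(name_id, sign_with=None):
    """Build a minimal SAML Response for name_id; unsigned when sign_with is None."""
    unsigned = (
        f'<samlp:Response xmlns:samlp="{NS["samlp"]}">'
        f'<saml:Assertion xmlns:saml="{NS["saml"]}"><saml:Subject>'
        f'<saml:NameID>{name_id}</saml:NameID></saml:Subject></saml:Assertion>'
        f'</samlp:Response>'
    )
    if sign_with is None:
        return unsigned
    mac = hmac.new(sign_with, canonical_assertion(ET.fromstring(unsigned)),
                   hashlib.sha256).hexdigest()
    signature = (f'<ds:Signature xmlns:ds="{NS["ds"]}">'
                 f'<ds:SignatureValue>{mac}</ds:SignatureValue></ds:Signature>')
    return unsigned.replace("<saml:Assertion", signature + "<saml:Assertion", 1)


def signature_valid(response_el, idp_key):
    """True only if a ds:Signature is present AND verifies under the IdP key."""
    value = response_el.find("ds:Signature/ds:SignatureValue", NS)
    if value is None or not value.text:
        return False
    expected = hmac.new(idp_key, canonical_assertion(response_el),
                        hashlib.sha256).hexdigest()
    return hmac.compare_digest(value.text, expected)


def name_id_of(response_el):
    node = response_el.find("saml:Assertion/saml:Subject/saml:NameID", NS)
    return node.text if node is not None else None


def vulnerable_login(response_xml, idp_key=IDP_KEY):
    """Flawed logic: the signature is checked only if the client chose to send one."""
    root = ET.fromstring(response_xml)
    if root.find("ds:Signature", NS) is not None and not signature_valid(root, idp_key):
        return None
    return KNOWN_USERS.get(name_id_of(root))    # the guessed username alone decides


def hardened_login(response_xml, idp_key=IDP_KEY):
    """Fixed logic: no verified signature, no session, whatever the NameID says."""
    root = ET.fromstring(response_xml)
    if not signature_valid(root, idp_key):
        return None
    return KNOWN_USERS.get(name_id_of(root))


if __name__ == "__main__":
    forged = build_response("alice@example.org")            # guessed username, no signature
    print("vulnerable:", vulnerable_login(forged))          # alice  <- the bypass
    print("hardened:  ", hardened_login(forged))            # None
    genuine = build_response("alice@example.org", sign_with=IDP_KEY)
    print("hardened, IdP-signed:", hardened_login(genuine))  # alice
```

Note that `vulnerable_login` does reject a response whose signature is present but wrong; the hole is purely the "absent" branch, which is why a patch that only fixes signature verification without making the signature mandatory would not close this issue.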
Recommendations: For Apache CloudStack versions 4.5.0 through 4.18.2.1, upgrade to version 4.18.2.2 or later. For Apache CloudStack versions 4.19.0.0 through 4.19.0.2, upgrade to version 4.19.1.0 or later. As a temporary workaround, disable the SAML authentication plugin by setting the saml2.enabled global setting to false (via Global Settings in the UI or the updateConfiguration API), then restart the management server(s) so the change is certain to take effect; verify afterwards that the SAML login option is no longer offered. Before upgrading, check whether saml2.enabled is true in your deployment: only installations with the plugin enabled are exposed, and those should also review recent logins of SAML-enabled accounts for sessions the identity provider did not issue.

Weakness Enumeration

Authentication Bypass by Spoofing
Related Identifiers

BDU:2024-05553
CVE-2024-41107

Affected Products

Apache Cloudstack