CVE-2024-29007

The CloudStack management server and secondary storage VM could be tricked into making requests to restricted or random resources by means of following 301 HTTP redirects presented by external servers when downloading templates or ISOs. Users are recommended to upgrade to version 4.18.1.1 or 4.19.0.1, which fixes this issue.
Configurations

No configuration.

History

12 Nov 2024, 18:35

Type Values Removed Values Added
CVSS v2 : unknown
v3 : unknown
v2 : unknown
v3 : 7.3
Summary
  • (es) Se podría engañar al servidor de administración de CloudStack y a la máquina virtual de almacenamiento secundario para que realicen solicitudes a recursos restringidos o aleatorios mediante las siguientes redirecciones HTTP 301 presentadas por servidores externos al descargar plantillas o ISO. Se recomienda a los usuarios actualizar a la versión 4.18.1.1 o 4.19.0.1, que soluciona este problema.

04 Apr 2024, 08:15

Type Values Removed Values Added
New CVE

Information

Published : 2024-04-04 08:15

Updated : 2024-11-12 18:35


NVD link : CVE-2024-29007

Mitre link : CVE-2024-29007

CVE.ORG link : CVE-2024-29007


JSON object : View

Products Affected

No product.

CWE
CWE-918

Server-Side Request Forgery (SSRF)