Users logged into the Apache CloudStack's web interface can be tricked to submit malicious CSRF requests due to missing validation of the origin of the requests. This can allow an attacker to gain privileges and access to resources of the authenticated users and may lead to account takeover, disruption, exposure of sensitive data and compromise integrity of the resources owned by the user account that are managed by the platform.
This issue affects Apache CloudStack from 4.15.1.0 through 4.18.2.3 and 4.19.0.0 through 4.19.1.1
Users are recommended to upgrade to Apache CloudStack 4.18.2.4 or 4.19.1.2, or later, which addresses this issue.
References
Configurations
Configuration 1 (hide)
|
History
21 Nov 2024, 09:37
Type | Values Removed | Values Added |
---|---|---|
CVSS |
v2 : v3 : |
v2 : unknown
v3 : 8.0 |
References |
|
|
References | () https://cloudstack.apache.org/blog/security-release-advisory-4.18.2.4-4.19.1.2 - Vendor Advisory |
17 Oct 2024, 20:21
Type | Values Removed | Values Added |
---|---|---|
First Time |
Apache
Apache cloudstack |
|
References | () https://lists.apache.org/thread/ktsfjcnj22x4kg49ctock3d9tq7jnvlo - Vendor Advisory | |
CVSS |
v2 : v3 : |
v2 : unknown
v3 : 8.8 |
CPE | cpe:2.3:a:apache:cloudstack:*:*:*:*:*:*:*:* |
16 Oct 2024, 16:38
Type | Values Removed | Values Added |
---|---|---|
Summary |
|
16 Oct 2024, 08:15
Type | Values Removed | Values Added |
---|---|---|
New CVE |
Information
Published : 2024-10-16 08:15
Updated : 2024-11-21 09:37
NVD link : CVE-2024-45693
Mitre link : CVE-2024-45693
CVE.ORG link : CVE-2024-45693
JSON object : View
Products Affected
apache
- cloudstack
CWE
CWE-352
Cross-Site Request Forgery (CSRF)