Unrated severityNVD Advisory· Published Apr 4, 2024· Updated Nov 12, 2024
Apache CloudStack: When downloading templates or ISOs, the management server and SSVM follow HTTP redirects with potentially dangerous consequences
CVE-2024-29007
Description
The CloudStack management server and secondary storage VM could be tricked into making requests to restricted or random resources by means of following 301 HTTP redirects presented by external servers when downloading templates or ISOs. Users are recommended to upgrade to version 4.18.1.1 or 4.19.0.1, which fixes this issue.
Affected products
2<4.18.1.1 || (>=4.19.0, <4.19.0.1)+ 1 more
- (no CPE)range: <4.18.1.1 || (>=4.19.0, <4.19.0.1)
- (no CPE)range: 4.9.1.0
Patches
Vulnerability mechanics
References
1- lists.apache.org/thread/82f46pv7mvh95ybto5hn8wlo6g8jhjvpmitrevendor-advisory
News mentions
0No linked articles in our index yet.