VYPR
Unrated severityNVD Advisory· Published Apr 4, 2024· Updated Nov 12, 2024

Apache CloudStack: When downloading templates or ISOs, the management server and SSVM follow HTTP redirects with potentially dangerous consequences

CVE-2024-29007

Description

The CloudStack management server and secondary storage VM could be tricked into making requests to restricted or random resources by means of following 301 HTTP redirects presented by external servers when downloading templates or ISOs. Users are recommended to upgrade to version 4.18.1.1 or 4.19.0.1, which fixes this issue.

Affected products

2
  • Apache/Cloudstackllm-fuzzy2 versions
    <4.18.1.1 || (>=4.19.0, <4.19.0.1)+ 1 more
    • (no CPE)range: <4.18.1.1 || (>=4.19.0, <4.19.0.1)
    • (no CPE)range: 4.9.1.0

Patches

Vulnerability mechanics

References

1

News mentions

0

No linked articles in our index yet.