CVE-2024-41107 — HIGH (8.1)

Q: How severe is CVE-2024-41107?

CVE-2024-41107 has been rated HIGH with a CVSS base score of 8.1/10. Review the CVSS metrics above for detailed severity breakdown.

Q: Is there a patch for CVE-2024-41107?

Check the references section above for vendor advisories and patch information. Affected products include: Apache Cloudstack.

Vulnerability Description

The CloudStack SAML authentication (disabled by default) does not enforce signature check. In CloudStack environments where SAML authentication is enabled, an attacker that initiates CloudStack SAML single sign-on authentication can bypass SAML authentication by submitting a spoofed SAML response with no signature and known or guessed username and other user details of a SAML-enabled CloudStack user-account. In such environments, this can result in a complete compromise of the resources owned and/or accessible by a SAML enabled user-account. Affected users are recommended to disable the SAML authentication plugin by setting the "saml2.enabled" global setting to "false", or upgrade to version 4.18.2.2, 4.19.1.0 or later, which addresses this issue.

CVSS Score

8.1

HIGH

CVSS:3.1/AV:N/AC:H/PR:N/UI:N/S:U/C:H/I:H/A:H

Attack Vector

NETWORK

Attack Complexity

HIGH

Privileges Required

NONE

User Interaction

NONE

Scope

UNCHANGED

Confidentiality

HIGH

Integrity

HIGH

Availability

HIGH

Affected Products

Vendor	Product	Versions
Apache	Cloudstack	>= 4.5.0, < 4.18.2.2

Related Weaknesses (CWE)

CWE-290

References

http://www.openwall.com/lists/oss-security/2024/07/19/1Mailing ListThird Party Advisory
http://www.openwall.com/lists/oss-security/2024/07/19/2Mailing ListThird Party Advisory
https://cloudstack.apache.org/blog/security-release-advisory-cve-2024-41107MitigationVendor Advisory
https://github.com/apache/cloudstack/issues/4519Issue Tracking
https://lists.apache.org/thread/5q06g8zvmhcw6w3tjr6r5prqdw6zckg3Mailing ListVendor Advisory
https://www.shapeblue.com/shapeblue-security-advisory-apache-cloudstack-cve-2024Third Party Advisory
http://www.openwall.com/lists/oss-security/2024/07/19/1Mailing ListThird Party Advisory
http://www.openwall.com/lists/oss-security/2024/07/19/2Mailing ListThird Party Advisory
https://cloudstack.apache.org/blog/security-release-advisory-cve-2024-41107MitigationVendor Advisory
https://github.com/apache/cloudstack/issues/4519Issue Tracking
https://lists.apache.org/thread/5q06g8zvmhcw6w3tjr6r5prqdw6zckg3Mailing ListVendor Advisory
https://www.shapeblue.com/shapeblue-security-advisory-apache-cloudstack-cve-2024Third Party Advisory

FAQ

What is CVE-2024-41107?

CVE-2024-41107 is a vulnerability with a CVSS score of 8.1 (HIGH). The CloudStack SAML authentication (disabled by default) does not enforce signature check. In CloudStack environments where SAML authentication is enabled, an attacker that initiates CloudStack SAML s...

How severe is CVE-2024-41107?

CVE-2024-41107 has been rated HIGH with a CVSS base score of 8.1/10. Review the CVSS metrics above for detailed severity breakdown.

Is there a patch for CVE-2024-41107?

Check the references section above for vendor advisories and patch information. Affected products include: Apache Cloudstack.