SAML Authentication Vulnerability in CloudStack Environments

CVE-2024-41107

8.1 HIGH

Key Information

Vendor
Apache
Status
Apache CloudStack
Vendor
CVE Published:
19 July 2024

Badges

👾 Exploit Exists
🟣 EPSS 69%
📰 News Worthy

Summary

CVE-2024-41107 is a SAML authentication vulnerability affecting Apache CloudStack environments. It allows attackers to bypass SAML authentication, gaining unauthorized access to user accounts and control over cloud resources. Affected users are advised to disable the SAML authentication plugin or upgrade to the patched versions 4.18.2.2 or 4.19.1.0. An exploit for this vulnerability has been developed, highlighting the critical nature of the issue. The BSI has issued a security advisory for Apache CloudStack, recommending that users keep their systems up to date and install security updates as soon as they become available. The exploit poses a medium risk for affected systems and can potentially lead to the bypassing of security measures.

Affected Version(s)

Apache CloudStack <= 4.18.2.1

Apache CloudStack <= 4.19.0.2

News Articles

Apache Product Security Update Advisory (CVE-2024-39877, CVE-2024-41107)

Overview: Apache has released updates to fix vulnerabilities in their products. Users of affected versions are advised to update to the latest version.
Affected Products:
CVE-2024-39877: Apache-airflow version 2.4.0 ~ 2.9.3 (excluded)
CVE-2024-41107: Apache CloudStack versions: 4.5.0 ...

5 months ago

💀 Exploit for CVE-2024-41107

Exploit for CVE-2024-41107 | Sploitus | Exploit & Hacktool Search Engine

5 months ago

EPSS Score

69% chance of being exploited in the next 30 days.

CVSS V3.1

Score: 8.1
Severity: HIGH
Confidentiality: High
Integrity: High
Availability: High
Attack Vector: Network
Attack Complexity: High
Privileges Required: None
User Interaction: None
Scope: Unchanged

Timeline

  • 👾 Exploit known to exist
  • Vulnerability published
  • Vulnerability reserved
  • 📰 First article discovered by ShapeBlue

Collectors

NVD Database, Mitre Database, 6 News Article(s)

Credit

Christian Gross of Netcloud AG
Damon Smith of Apple Services Engineering Security
Adam Pond of Apple Services Engineering Security
Terry Thibault of Apple Services Engineering Security