7 matches found

NVD
added 2024/04/04 8:15 a.m., 11 views

CVE-2024-29007

The CloudStack management server and secondary storage VM could be tricked into making requests to restricted or random resources by means of following 301 HTTP redirects presented by external servers when downloading templates or ISOs. Users are recommended to upgrade to version 4.18.1.1 or...

7.3 CVSS, 6.6 AI score, 0.00135 EPSS
Exploits: 0, References: 1

NVD
added 2024/04/04 8:15 a.m., 9 views

CVE-2024-29006

By default the CloudStack management server honours the x-forwarded-for HTTP header and logs it as the source IP of an API request. This could lead to authentication bypass and other operational problems should an attacker decide to spoof their IP address this way. Users are recommended to upgrad...

9.8 CVSS, 6.8 AI score, 0.00072 EPSS
Exploits: 0, References: 1

Vulnrichment
added 2024/04/04 7:51 a.m., 16 views

CVE-2024-29008 Apache CloudStack: The extraconfig feature can be abused to load hypervisor resources on a VM instance

A problem has been identified in the CloudStack additional VM configuration extraconfig feature which can be misused by anyone who has privilege to deploy a VM instance or configure settings of an already deployed VM instance, to configure additional VM configuration even when the feature is not...

6.5 AI score, 0.00133 EPSS
Exploits: 0, References: 1

CVE
added 2024/04/04 7:49 a.m., 69 views

CVE-2024-29007

The CVE-2024-29007 issue affects Apache CloudStack: when downloading templates or ISOs, the CloudStack management server and the secondary storage VM can follow HTTP 301 redirects to external resources, potentially enabling access to restricted or random resources. Affected components are the Clo...

7.3 CVSS, 7.2 AI score, 0.00135 EPSS
Exploits: 0, References: 1, Affected Software: 1

Vulnrichment
added 2024/04/04 7:49 a.m., 14 views

CVE-2024-29007 Apache CloudStack: When downloading templates or ISOs, the management server and SSVM follow HTTP redirects with potentially dangerous consequences

The CloudStack management server and secondary storage VM could be tricked into making requests to restricted or random resources by means of following 301 HTTP redirects presented by external servers when downloading templates or ISOs. Users are recommended to upgrade to version 4.18.1.1 or...

6.9 AI score, 0.00135 EPSS
Exploits: 0, References: 1

Cvelist
added 2024/04/04 7:48 a.m., 16 views

CVE-2024-29006 Apache CloudStack: x-forwarded-for HTTP header parsed by default

By default the CloudStack management server honours the x-forwarded-for HTTP header and logs it as the source IP of an API request. This could lead to authentication bypass and other operational problems should an attacker decide to spoof their IP address this way. Users are recommended to upgrad...

7.1 AI score, 0.00072 EPSS
Exploits: 0, References: 1

Positive Technologies
added 2024/04/04 12:00 a.m., 2 views

PT-2024-22665 · Unknown · Cloudstack

Name of the Vulnerable Software and Affected Versions:
CloudStack versions prior to 4.18.1.1
CloudStack versions prior to 4.19.0.1

Description: The CloudStack management server honors the x-forwarded-for HTTP header and logs it as the source IP of an API request by default. This could lead to...

9.8 CVSS, 7.5 AI score, 0.00072 EPSS
Exploits: 0, References: 7