Cloudstack@4.19.0.0 Security Vulnerabilities and Issues — Cloudstack@4.19.0.0 CVE List

Lucene search

ApacheCloudstack4.19.0.0

3 matches found

CVE•added 2024/04/04 8:15 a.m.•84 views

CVE-2024-29006

By default the CloudStack management server honours the x-forwarded-for HTTP header and logs it as the source IP of an API request. This could lead to authentication bypass and other operational problems should an attacker decide to spoof their IP address this way. Users are recommended to upgrade ...

9.8CVSS7.1AI score0.00054EPSS

CVE•added 2024/04/04 8:15 a.m.•52 views

CVE-2024-29007

The CloudStack management server and secondary storage VM could be tricked into making requests to restricted or random resources by means of following 301 HTTP redirects presented by external servers when downloading templates or ISOs. Users are recommended to upgrade to version 4.18.1.1 or 4.19.0...

7.3CVSS7.2AI score0.00083EPSS

CVE•added 2024/04/04 8:15 a.m.•50 views

CVE-2024-29008

A problem has been identified in the CloudStack additional VM configuration (extraconfig) feature which can be misused by anyone who has privilege to deploy a VM instance or configure settings of an already deployed VM instance, to configure additional VM configuration even when the feature is not ...

6.4CVSS6.5AI score0.00099EPSS