CVE-2024-29007


The CloudStack management server and secondary storage VM could be tricked into making requests to restricted or random resources by means of following 301 HTTP redirects presented by external servers when downloading templates or ISOs. Users are recommended to upgrade to version 4.18.1.1 or 4.19.0.1, which fixes this issue.


Published

2024-04-04T08:15:06.970

Last Modified

2025-09-02T21:14:50.247

Status

Analyzed

Source

[email protected]

Severity

CVSSv3.1: 7.3 (HIGH)

Weaknesses
  • Type: Secondary
    CWE-918
  • Type: Primary
    CWE-918

Affected Vendors & Products
Type         Vendor  Product     Version/Range  Vulnerable?
Application  apache  cloudstack  < 4.18.1.1     Yes
Application  apache  cloudstack  4.19.0.0       Yes