The CloudStack SAML authentication plugin (disabled by default) does not enforce the signature check on SAML responses. In CloudStack environments where SAML authentication is enabled, an attacker who initiates CloudStack SAML single sign-on can bypass authentication by submitting a spoofed SAML response that carries no signature together with the known or guessed username and other user details of a SAML-enabled CloudStack user account. In such environments, this can result in a complete compromise of the resources owned by and/or accessible to that SAML-enabled user account.
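The flaw described above is a control-flow bug in the relying party: a signature is verified when one is present, but its absence is not treated as a failure. The following is an added example in Python and is not CloudStack code. It places a validator with that pre-fix pattern (vulnerable_login) beside one that requires the signature (hardened_login) and runs both over constructed responses: a genuinely signed one, the unsigned spoof the advisory describes, a signed one whose NameID was rewritten, and one signed under the wrong key. To keep it runnable offline, XML-DSig verification against the IdP certificate is replaced by an HMAC over the C14N-canonicalised assertion with its enveloped ds:Signature element excluded (the same shape of computation an enveloped XML signature covers); the key, issuer, element IDs and scenario names are all constructed for the example.

```python
import hashlib
import hmac
import xml.etree.ElementTree as ET

SAMLP = "urn:oasis:names:tc:SAML:2.0:protocol"
SAML = "urn:oasis:names:tc:SAML:2.0:assertion"
DS = "http://www.w3.org/2000/09/xmldsig#"
NS = {"samlp": SAMLP, "saml": SAML, "ds": DS}
SIG_TAG = f"{{{DS}}}Signature"

# Constructed stand-in for the IdP signing key. Real SAML uses XML-DSig (RSA/ECDSA)
# checked against the IdP certificate from metadata; the HMAC keeps this runnable offline.
IDP_KEY = b"constructed-idp-key"


class SamlError(Exception):
    pass


def canonical_assertion(assertion: ET.Element) -> str:
    """C14N the assertion with the enveloped ds:Signature removed: the bytes that an
    enveloped XML signature covers, identical before signing and at verification."""
    return ET.canonicalize(
        ET.tostring(assertion, encoding="unicode"),
        strip_text=True,
        rewrite_prefixes=True,
        exclude_tags={SIG_TAG},
    )


def signature_value(assertion: ET.Element, key: bytes = IDP_KEY) -> str:
    return hmac.new(key, canonical_assertion(assertion).encode(), hashlib.sha256).hexdigest()


def build_response(name_id: str, *, sign: bool = True, key: bytes = IDP_KEY) -> str:
    """Constructed samlp:Response with one assertion for name_id (whitespace omitted)."""
    assertion_xml = (
        f'<saml:Assertion xmlns:saml="{SAML}" ID="_assert1" Version="2.0">'
        "<saml:Issuer>https://idp.example.test</saml:Issuer>"
        f"<saml:Subject><saml:NameID>{name_id}</saml:NameID></saml:Subject>"
        "</saml:Assertion>"
    )
    if sign:
        value = signature_value(ET.fromstring(assertion_xml), key)
        sig = (f'<ds:Signature xmlns:ds="{DS}">'
               f"<ds:SignatureValue>{value}</ds:SignatureValue></ds:Signature>")
        assertion_xml = assertion_xml.replace("</saml:Issuer>", "</saml:Issuer>" + sig, 1)
    return (f'<samlp:Response xmlns:samlp="{SAMLP}" ID="_resp1" Version="2.0">'
            f"{assertion_xml}</samlp:Response>")


def _assertion_of(response_xml: str) -> ET.Element:
    root = ET.fromstring(response_xml)
    if root.tag != f"{{{SAMLP}}}Response":
        raise SamlError("not a samlp:Response")
    assertion = root.find("saml:Assertion", NS)
    if assertion is None:
        raise SamlError("response carries no assertion")
    return assertion


def _signature_state(assertion: ET.Element):
    """None when the assertion is unsigned, otherwise whether the signature verifies."""
    sig = assertion.find("ds:Signature", NS)
    if sig is None:
        return None
    claimed = sig.findtext("ds:SignatureValue", default="", namespaces=NS)
    return hmac.compare_digest(claimed.encode(), signature_value(assertion).encode())


def vulnerable_login(response_xml: str) -> str:
    """Pre-fix pattern: verify only if a signature happens to be present, so an
    unsigned response is trusted on the strength of its NameID alone."""
    assertion = _assertion_of(response_xml)
    if _signature_state(assertion) is False:
        raise SamlError("signature does not verify")
    return assertion.findtext("saml:Subject/saml:NameID", namespaces=NS)


def hardened_login(response_xml: str) -> str:
    """Fixed pattern: a missing signature is a rejection, not a skipped check."""
    assertion = _assertion_of(response_xml)
    state = _signature_state(assertion)
    if state is None:
        raise SamlError("assertion is not signed")
    if not state:
        raise SamlError("signature does not verify")
    return assertion.findtext("saml:Subject/saml:NameID", namespaces=NS)


# Constructed scenarios: what the IdP issued, and what an attacker would submit instead.
SCENARIOS = {
    "idp-signed alice": lambda: build_response("alice"),
    "unsigned spoof as admin": lambda: build_response("admin", sign=False),
    "idp-signed alice, NameID rewritten to admin": lambda: build_response("alice").replace("alice", "admin"),
    "signed with attacker key": lambda: build_response("admin", key=b"attacker-key"),
}


def attempt(validator, response_xml: str) -> tuple:
    """(accepted, name_id_or_reason) for one validator on one response."""
    try:
        return True, validator(response_xml)
    except SamlError as exc:
        return False, str(exc)


def run_scenarios(validator) -> dict:
    return {name: attempt(validator, make()) for name, make in SCENARIOS.items()}


if __name__ == "__main__":
    for validator in (vulnerable_login, hardened_login):
        print(validator.__name__)
        for name, (accepted, detail) in run_scenarios(validator).items():
            print(f"  {name:45} -> {'ACCEPT' if accepted else 'REJECT'} ({detail})")
```

Only the unsigned spoof separates the two validators: both reject a tampered or wrongly keyed signature, but the pre-fix pattern accepts whatever NameID an unsigned response names, which is exactly the advisory's "known or guessed username" condition. A production validator additionally has to bind the signature to the element it claims to cover (the Reference URI), pin the signing certificate to IdP metadata, and check the assertion's audience, recipient and validity window; none of that is modelled here.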
Affected users are recommended to disable the SAML authentication plugin by setting the "saml2.enabled" global setting to "false", or to upgrade to version 4.18.2.2, 4.19.1.0 or later, which addresses this issue.
[
{
"defaultStatus": "unaffected",
"product": "Apache CloudStack",
"vendor": "Apache Software Foundation",
"versions": [
{
"lessThanOrEqual": "4.18.2.1",
"status": "affected",
"version": "4.5.0",
"versionType": "semver"
},
{
"lessThanOrEqual": "4.19.0.2",
"status": "affected",
"version": "4.19.0.0",
"versionType": "semver"
}
]
}
]
www.openwall.com/lists/oss-security/2024/07/19/1
www.openwall.com/lists/oss-security/2024/07/19/2
cloudstack.apache.org/blog/security-release-advisory-cve-2024-41107
github.com/apache/cloudstack/issues/4519
lists.apache.org/thread/5q06g8zvmhcw6w3tjr6r5prqdw6zckg3
www.shapeblue.com/shapeblue-security-advisory-apache-cloudstack-cve-2024-41107