CVE-2024-29006 - Vulnerability Details - OpenCVE

By default the CloudStack management server honours the x-forwarded-for HTTP header and logs it as the source IP of an API request. This could lead to authentication bypass and other operational problems should an attacker decide to spoof their IP address this way. Users are recommended to upgrade to CloudStack version 4.18.1.1 or 4.19.0.1, which fixes this issue.

No CVSS v4.0

Attack Vector Network

Attack Complexity Low

Privileges Required None

Scope Unchanged

Confidentiality Impact High

Integrity Impact High

Availability Impact High

User Interaction None

No CVSS v3.0

No CVSS v2

This CVE is not in the KEV list.

Key SSVC decision points have not yet been added.

Vendors	Products
Apache	Cloudstack

Configuration 1 [-]

OR	cpe:2.3:a:apache:cloudstack::::::::
	cpe:2.3:a:apache:cloudstack:4.19.0.0:::::::*

No data.

References

Link	Providers
https://lists.apache.org/thread/82f46pv7mvh95ybto5hn8wlo6g8jhjvp

History

Fri, 24 Jan 2025 16:45:00 +0000

Type	Values Removed	Values Added
First Time appeared		Apache Apache cloudstack
CPEs		cpe:2.3:a:apache:cloudstack:::::::: cpe:2.3:a:apache:cloudstack:4.19.0.0:::::::*
Vendors & Products		Apache Apache cloudstack
Metrics		cvssV3_1 `{'score': 9.8, 'vector': 'CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H'}`

MITRE

Status: PUBLISHED

Assigner: apache

Published: 2024-04-04T07:48:54.101Z

Updated: 2024-08-02T01:03:51.677Z

Reserved: 2024-03-13T22:56:41.313Z

Link: CVE-2024-29006

Vulnrichment

Updated: 2024-08-02T01:03:51.677Z

NVD

Status : Analyzed

Published: 2024-04-04T08:15:06.810

Modified: 2025-01-24T16:19:05.217

Link: CVE-2024-29006

Redhat

No data.

{"dataType": "CVE_RECORD", "dataVersion": "5.1", "cveMetadata": {"cveId": "CVE-2024-29006", "assignerOrgId": "f0158376-9dc2-43b6-827c-5f631a4d8d09", "state": "PUBLISHED", "assignerShortName": "apache", "dateReserved": "2024-03-13T22:56:41.313Z", "datePublished": "2024-04-04T07:48:54.101Z", "dateUpdated": "2024-08-02T01:03:51.677Z"}, "containers": {"cna": {"affected": [{"defaultStatus": "unaffected", "product": "Apache CloudStack", "vendor": "Apache Software Foundation", "versions": [{"lessThanOrEqual": "4.18.1.0", "status": "affected", "version": "4.11.0.0", "versionType": "semver"}, {"status": "affected", "version": "4.19.0.0"}]}], "credits": [{"lang": "en", "type": "finder", "value": "Yuyang Xiao <superxyyang@gmail.com>"}], "descriptions": [{"lang": "en", "supportingMedia": [{"base64": false, "type": "text/html", "value": "<div>By default the CloudStack management server honours the x-forwarded-for HTTP header and logs it as the source IP of an API request. This could lead to authentication bypass and other operational problems should an attacker decide to spoof their IP address this way. Users are recommended to upgrade to CloudStack version 4.18.1.1 or 4.19.0.1, which fixes this issue.</div>"}], "value": "By default the CloudStack management server honours the x-forwarded-for HTTP header and logs it as the source IP of an API request. This could lead to authentication bypass and other operational problems should an attacker decide to spoof their IP address this way. Users are recommended to upgrade to CloudStack version 4.18.1.1 or 4.19.0.1, which fixes this issue.\n\n"}], "metrics": [{"other": {"content": {"text": "moderate"}, "type": "Textual description of severity"}}], "problemTypes": [{"descriptions": [{"cweId": "CWE-290", "description": "CWE-290 Authentication Bypass by Spoofing", "lang": "en", "type": "CWE"}]}], "providerMetadata": {"orgId": "f0158376-9dc2-43b6-827c-5f631a4d8d09", "shortName": "apache", "dateUpdated": "2024-04-04T07:50:18.522Z"}, "references": [{"tags": ["vendor-advisory"], "url": "https://lists.apache.org/thread/82f46pv7mvh95ybto5hn8wlo6g8jhjvp"}], "source": {"discovery": "EXTERNAL"}, "title": "Apache CloudStack: x-forwarded-for HTTP header parsed by default", "x_generator": {"engine": "Vulnogram 0.1.0-dev"}}, "adp": [{"title": "CISA ADP Vulnrichment", "metrics": [{"other": {"type": "ssvc", "content": {"id": "CVE-2024-29006", "role": "CISA Coordinator", "options": [{"Exploitation": "none"}, {"Automatable": "no"}, {"Technical Impact": "partial"}], "version": "2.0.3", "timestamp": "2024-04-04T15:38:39.808444Z"}}}], "providerMetadata": {"orgId": "134c704f-9b21-4f2e-91b3-4a467353bcc0", "shortName": "CISA-ADP", "dateUpdated": "2024-06-04T17:56:43.725Z"}}, {"providerMetadata": {"orgId": "af854a3a-2127-422b-91ae-364da2661108", "shortName": "CVE", "dateUpdated": "2024-08-02T01:03:51.677Z"}, "title": "CVE Program Container", "references": [{"tags": ["vendor-advisory", "x_transferred"], "url": "https://lists.apache.org/thread/82f46pv7mvh95ybto5hn8wlo6g8jhjvp"}]}]}}

{"dataType": "CVE_RECORD", "containers": {"adp": [{"title": "CVE Program Container", "references": [{"url": "https://lists.apache.org/thread/82f46pv7mvh95ybto5hn8wlo6g8jhjvp", "tags": ["vendor-advisory", "x_transferred"]}], "providerMetadata": {"orgId": "af854a3a-2127-422b-91ae-364da2661108", "shortName": "CVE", "dateUpdated": "2024-08-02T01:03:51.677Z"}}, {"metrics": [{"other": {"type": "ssvc", "content": {"id": "CVE-2024-29006", "role": "CISA Coordinator", "options": [{"Exploitation": "none"}, {"Automatable": "no"}, {"Technical Impact": "partial"}], "version": "2.0.3", "timestamp": "2024-04-04T15:38:39.808444Z"}}}], "providerMetadata": {"orgId": "134c704f-9b21-4f2e-91b3-4a467353bcc0", "shortName": "CISA-ADP", "dateUpdated": "2024-05-23T19:01:22.038Z"}, "title": "CISA ADP Vulnrichment"}], "cna": {"title": "Apache CloudStack: x-forwarded-for HTTP header parsed by default", "source": {"discovery": "EXTERNAL"}, "credits": [{"lang": "en", "type": "finder", "value": "Yuyang Xiao <superxyyang@gmail.com>"}], "metrics": [{"other": {"type": "Textual description of severity", "content": {"text": "moderate"}}}], "affected": [{"vendor": "Apache Software Foundation", "product": "Apache CloudStack", "versions": [{"status": "affected", "version": "4.11.0.0", "versionType": "semver", "lessThanOrEqual": "4.18.1.0"}, {"status": "affected", "version": "4.19.0.0"}], "defaultStatus": "unaffected"}], "references": [{"url": "https://lists.apache.org/thread/82f46pv7mvh95ybto5hn8wlo6g8jhjvp", "tags": ["vendor-advisory"]}], "x_generator": {"engine": "Vulnogram 0.1.0-dev"}, "descriptions": [{"lang": "en", "value": "By default the CloudStack management server honours the x-forwarded-for HTTP header and logs it as the source IP of an API request. This could lead to authentication bypass and other operational problems should an attacker decide to spoof their IP address this way. Users are recommended to upgrade to CloudStack version 4.18.1.1 or 4.19.0.1, which fixes this issue.\n\n", "supportingMedia": [{"type": "text/html", "value": "<div>By default the CloudStack management server honours the x-forwarded-for HTTP header and logs it as the source IP of an API request. This could lead to authentication bypass and other operational problems should an attacker decide to spoof their IP address this way. Users are recommended to upgrade to CloudStack version 4.18.1.1 or 4.19.0.1, which fixes this issue.</div>", "base64": false}]}], "problemTypes": [{"descriptions": [{"lang": "en", "type": "CWE", "cweId": "CWE-290", "description": "CWE-290 Authentication Bypass by Spoofing"}]}], "providerMetadata": {"orgId": "f0158376-9dc2-43b6-827c-5f631a4d8d09", "shortName": "apache", "dateUpdated": "2024-04-04T07:50:18.522Z"}}}, "cveMetadata": {"cveId": "CVE-2024-29006", "state": "PUBLISHED", "dateUpdated": "2024-08-02T01:03:51.677Z", "dateReserved": "2024-03-13T22:56:41.313Z", "assignerOrgId": "f0158376-9dc2-43b6-827c-5f631a4d8d09", "datePublished": "2024-04-04T07:48:54.101Z", "assignerShortName": "apache"}, "dataVersion": "5.1"}

{"configurations": [{"nodes": [{"cpeMatch": [{"criteria": "cpe:2.3:a:apache:cloudstack:*:*:*:*:*:*:*:*", "matchCriteriaId": "B50170D1-71D1-4F1E-A1A8-0611D6AD9765", "versionEndExcluding": "4.18.1.1", "versionStartIncluding": "4.11.0.0", "vulnerable": true}, {"criteria": "cpe:2.3:a:apache:cloudstack:4.19.0.0:*:*:*:*:*:*:*", "matchCriteriaId": "51E212EC-AC62-4533-B3B2-A660807F0C1F", "vulnerable": true}], "negate": false, "operator": "OR"}]}], "cveTags": [], "descriptions": [{"lang": "en", "value": "By default the CloudStack management server honours the x-forwarded-for HTTP header and logs it as the source IP of an API request. This could lead to authentication bypass and other operational problems should an attacker decide to spoof their IP address this way. Users are recommended to upgrade to CloudStack version 4.18.1.1 or 4.19.0.1, which fixes this issue.\n\n"}, {"lang": "es", "value": "De forma predeterminada, el servidor de administraci\u00f3n de CloudStack respeta el encabezado HTTP x-forwarded-for y lo registra como la IP de origen de una solicitud de API. Esto podr\u00eda provocar una omisi\u00f3n de autenticaci\u00f3n y otros problemas operativos si un atacante decide falsificar su direcci\u00f3n IP de esta manera. Se recomienda a los usuarios actualizar a la versi\u00f3n 4.18.1.1 o 4.19.0.1 de CloudStack, que soluciona este problema."}], "id": "CVE-2024-29006", "lastModified": "2025-01-24T16:19:05.217", "metrics": {"cvssMetricV31": [{"cvssData": {"attackComplexity": "LOW", "attackVector": "NETWORK", "availabilityImpact": "HIGH", "baseScore": 9.8, "baseSeverity": "CRITICAL", "confidentialityImpact": "HIGH", "integrityImpact": "HIGH", "privilegesRequired": "NONE", "scope": "UNCHANGED", "userInteraction": "NONE", "vectorString": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H", "version": "3.1"}, "exploitabilityScore": 3.9, "impactScore": 5.9, "source": "nvd@nist.gov", "type": "Primary"}]}, "published": "2024-04-04T08:15:06.810", "references": [{"source": "security@apache.org", "tags": ["Mailing List", "Vendor Advisory"], "url": "https://lists.apache.org/thread/82f46pv7mvh95ybto5hn8wlo6g8jhjvp"}, {"source": "af854a3a-2127-422b-91ae-364da2661108", "tags": ["Mailing List", "Vendor Advisory"], "url": "https://lists.apache.org/thread/82f46pv7mvh95ybto5hn8wlo6g8jhjvp"}], "sourceIdentifier": "security@apache.org", "vulnStatus": "Analyzed", "weaknesses": [{"description": [{"lang": "en", "value": "CWE-290"}], "source": "security@apache.org", "type": "Secondary"}]}