The CloudStack management server and secondary storage VM could be tricked into making requests to restricted or random resources by means of following 301 HTTP redirects presented by external servers when downloading templates or ISOs. Users are recommended to upgrade to version 4.18.1.1 or 4.19.0.1, which fixes this issue.
CVSS
No CVSS.
References
Configurations
No configuration.
History
No history.
Information
Published : 2024-04-04 08:15
Updated : 2024-04-04 12:48
NVD link : CVE-2024-29007
Mitre link : CVE-2024-29007
CVE.ORG link : CVE-2024-29007
JSON object : View
Products Affected
No product.
CWE
CWE-918
Server-Side Request Forgery (SSRF)