Overview
- Description: The logout operation in the CloudStack web interface does not completely expire the user session, which remains valid until it expires by time or the backend service is restarted. An attacker who has access to a user's browser can use an unexpired session to gain access to resources owned by the logged-out user account. This issue affects Apache CloudStack from 4.15.1.0 through 4.18.2.3, and from 4.19.0.0 through 4.19.1.1. Users are recommended to upgrade to Apache CloudStack 4.18.2.4 or 4.19.1.2, or later, which address this issue.
- Source: security@apache.org
- NVD status: Analyzed
Risk scores
CVSS 3.1
- Type: Primary
- Base score: 7.1
- Impact score: 5.2
- Exploitability score: 1.8
- Vector string: CVSS:3.1/AV:L/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:N
- Severity: HIGH
Weaknesses
- security@apache.org: CWE-613
Social media
- Hype score: Not currently trending
CVE-2024-45462 (CVSS:7.1, HIGH) is Analyzed. The logout operation in the CloudStack web interface does not expire the user session completely which is valid until ex..https://t.co/zo83pPGNOS #cybersecurityawareness #cybersecurity #CVE #infosec #hacker #nvd #mitre
@cracbot
21 Oct 2024
The Apache CloudStack project has announced an advisory against CVE-2024-45219 (severity ‘Important’), CVE-2024-45461 (severity ‘Moderate’), CVE-2024-45462 (severity ‘Moderate’) and CVE-2024-45693 (severity ‘Important’). Read our blog to learn more: https://t.co/6jOZHaeBTI
@shapeblue
CVE-2024-45462 The logout operation in the CloudStack web interface does not expire the user session completely which is valid until expiry by time or restart of the backend service… https://t.co/TWQkVESoV8
@CVEnew
⚠️⚠️ Apache CloudStack Patches Critical Security Flaws in Latest Release CVE-2024-45219,CVE-2024-45693,CVE-2024-45461 and CVE-2024-45462 Strongly recommends that users upgrade to versions 4.18.2.4 or 4.19.1.2 🎯1k+ Results are found on the https://t.co/pb16tGYaKe nearly year.… h
@fofabot
Configurations
[
  {
    "nodes": [
      {
        "negate": false,
        "cpeMatch": [
          {
            "criteria": "cpe:2.3:a:apache:cloudstack:*:*:*:*:*:*:*:*",
            "vulnerable": true,
            "matchCriteriaId": "174E314B-9CD8-445B-AE96-A9AC4D5D8B80",
            "versionEndExcluding": "4.18.2.4",
            "versionStartIncluding": "4.15.1.0"
          },
          {
            "criteria": "cpe:2.3:a:apache:cloudstack:*:*:*:*:*:*:*:*",
            "vulnerable": true,
            "matchCriteriaId": "6B851F50-43E1-4DD1-989E-94676D12EC33",
            "versionEndExcluding": "4.19.1.2",
            "versionStartIncluding": "4.19.0.0"
          }
        ],
        "operator": "OR"
      }
    ]
  }
]