Overview
- Description: Users logged into the Apache CloudStack web interface can be tricked into submitting malicious CSRF requests because the origin of the requests is not validated. This can allow an attacker to gain privileges and access to resources of the authenticated users and may lead to account takeover, disruption, exposure of sensitive data and compromised integrity of the resources owned by the user account that are managed by the platform. This issue affects Apache CloudStack from 4.15.1.0 through 4.18.2.3 and 4.19.0.0 through 4.19.1.1. Users are recommended to upgrade to Apache CloudStack 4.18.2.4 or 4.19.1.2, or later, which addresses this issue.
- Source: security@apache.org
- NVD status: Analyzed
Risk scores
CVSS 3.1
- Type: Primary
- Base score: 8.8
- Impact score: 5.9
- Exploitability score: 2.8
- Vector string: CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:H
- Severity: HIGH
Weaknesses
- security@apache.org: CWE-352
Social media
- Hype score: Not currently trending
CVE-2024-45693 (CVSS:8.8, HIGH) is Analyzed. Users logged into the Apache CloudStack's web interface can be tricked to submit malicious CSRF requests due to missing ..https://t.co/COuV4ag6Mc #cybersecurityawareness #cybersecurity #CVE #infosec #hacker #nvd #mitre
@cracbot
21 Oct 2024
The Apache CloudStack project has announced an advisory against CVE-2024-45219 (severity ‘Important’), CVE-2024-45461 (severity ‘Moderate’), CVE-2024-45462 (severity ‘Moderate’) and CVE-2024-45693 (severity ‘Important’). Read our blog to learn more: https://t.co/6jOZHaeBTI
@shapeblue
CVE-2024-45693 Users logged into the Apache CloudStack's web interface can be tricked to submit malicious CSRF requests due to missing validation of the origin of the requests. This… https://t.co/dfHfy39rnd
@CVEnew
⚠️⚠️ Apache CloudStack Patches Critical Security Flaws in Latest Release CVE-2024-45219,CVE-2024-45693,CVE-2024-45461 and CVE-2024-45462 Strongly recommends that users upgrade to versions 4.18.2.4 or 4.19.1.2 🎯1k+ Results are found on the https://t.co/pb16tGYaKe nearly year.… h
@fofabot
Apache CloudStack fixes several vulnerabilities #CVE-2024-45219 #CVE-2024-45693 #ApacheCloudstack https://t.co/ARyXGAkSbQ
@pravin_karthik
Warning: High Improper Input Validation (CVE-2024-45219 / CVSS: 8.5) and Cross-Site Request Forgery (CVE-2024-45693 / CVSS: 8) in @CloudStack. These vulnerabilities allow deploying malicious instances, which in turn can lead to account takeover! #Patch https://t.co/waqwU0NLM4
@CCBalert
Configurations
[
  {
    "nodes": [
      {
        "negate": false,
        "cpeMatch": [
          {
            "criteria": "cpe:2.3:a:apache:cloudstack:*:*:*:*:*:*:*:*",
            "vulnerable": true,
            "matchCriteriaId": "174E314B-9CD8-445B-AE96-A9AC4D5D8B80",
            "versionEndExcluding": "4.18.2.4",
            "versionStartIncluding": "4.15.1.0"
          },
          {
            "criteria": "cpe:2.3:a:apache:cloudstack:*:*:*:*:*:*:*:*",
            "vulnerable": true,
            "matchCriteriaId": "6B851F50-43E1-4DD1-989E-94676D12EC33",
            "versionEndExcluding": "4.19.1.2",
            "versionStartIncluding": "4.19.0.0"
          }
        ],
        "operator": "OR"
      }
    ]
  }
]