CVE-2024-29007

The CloudStack management server and secondary storage VM could be tricked into making requests to restricted or random resources by means of following 301 HTTP redirects presented by external servers when downloading templates or ISOs. Users are recommended to upgrade to version 4.18.1.1 or 4.19.0.1, which fixes this issue.

CVSS v3 7.3 HIGH

7.3^/10

CVSS v3 : HIGH

Vector :

Exploitability : 3.9 / Impact : 3.4

Attack Vector NETWORK

Attack Complexity LOW

Privileges Required NONE

User Interaction NONE

Confidentiality Impact LOW

Integrity Impact LOW

Availability Impact LOW

Scope UNCHANGED

References

Link	Resource
https://lists.apache.org/thread/82f46pv7mvh95ybto5hn8wlo6g8jhjvp	Mailing List Vendor Advisory
https://lists.apache.org/thread/82f46pv7mvh95ybto5hn8wlo6g8jhjvp	Mailing List Vendor Advisory

Configurations

Configuration 1 (hide)

OR	cpe:2.3:a:apache:cloudstack::::::::
	cpe:2.3:a:apache:cloudstack:4.19.0.0:::::::*

History

02 Sep 2025, 21:14

Type	Values Removed	Values Added
CWE	~~CWE-59~~

30 Jun 2025, 15:05

Type	Values Removed	Values Added
First Time		Apache cloudstack Apache
CWE		CWE-59
References	~~() https://lists.apache.org/thread/82f46pv7mvh95ybto5hn8wlo6g8jhjvp -~~	() https://lists.apache.org/thread/82f46pv7mvh95ybto5hn8wlo6g8jhjvp - Mailing List, Vendor Advisory
CPE		cpe:2.3:a:apache:cloudstack:4.19.0.0:::::::* cpe:2.3:a:apache:cloudstack::::::::

Information

Published : 2024-04-04 08:15

Updated : 2025-09-02 21:14

NVD link : CVE-2024-29007

Mitre link : CVE-2024-29007

CVE.ORG link : CVE-2024-29007

JSON object : View

Products Affected

apache

cloudstack

CWE

CWE-918

Server-Side Request Forgery (SSRF)

{"id": "CVE-2024-29007", "cveTags": [], "metrics": {"cvssMetricV31": [{"type": "Secondary", "source": "134c704f-9b21-4f2e-91b3-4a467353bcc0", "cvssData": {"scope": "UNCHANGED", "version": "3.1", "baseScore": 7.3, "attackVector": "NETWORK", "baseSeverity": "HIGH", "vectorString": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:L/I:L/A:L", "integrityImpact": "LOW", "userInteraction": "NONE", "attackComplexity": "LOW", "availabilityImpact": "LOW", "privilegesRequired": "NONE", "confidentialityImpact": "LOW"}, "impactScore": 3.4, "exploitabilityScore": 3.9}]}, "published": "2024-04-04T08:15:06.970", "references": [{"url": "https://lists.apache.org/thread/82f46pv7mvh95ybto5hn8wlo6g8jhjvp", "tags": ["Mailing List", "Vendor Advisory"], "source": "security@apache.org"}, {"url": "https://lists.apache.org/thread/82f46pv7mvh95ybto5hn8wlo6g8jhjvp", "tags": ["Mailing List", "Vendor Advisory"], "source": "af854a3a-2127-422b-91ae-364da2661108"}], "vulnStatus": "Analyzed", "weaknesses": [{"type": "Secondary", "source": "security@apache.org", "description": [{"lang": "en", "value": "CWE-918"}]}, {"type": "Primary", "source": "nvd@nist.gov", "description": [{"lang": "en", "value": "CWE-918"}]}], "descriptions": [{"lang": "en", "value": "The CloudStack management server and secondary storage VM could be tricked into making requests to restricted or random resources by means of following 301 HTTP redirects presented by external servers when downloading templates or ISOs. Users are recommended to upgrade to version 4.18.1.1 or 4.19.0.1, which fixes this issue.\n\n"}, {"lang": "es", "value": "Se podr\u00eda enga\u00f1ar al servidor de administraci\u00f3n de CloudStack y a la m\u00e1quina virtual de almacenamiento secundario para que realicen solicitudes a recursos restringidos o aleatorios mediante las siguientes redirecciones HTTP 301 presentadas por servidores externos al descargar plantillas o ISO. Se recomienda a los usuarios actualizar a la versi\u00f3n 4.18.1.1 o 4.19.0.1, que soluciona este problema."}], "lastModified": "2025-09-02T21:14:50.247", "configurations": [{"nodes": [{"negate": false, "cpeMatch": [{"criteria": "cpe:2.3:a:apache:cloudstack:*:*:*:*:*:*:*:*", "vulnerable": true, "matchCriteriaId": "B2EE4F78-B6F4-43CB-979E-BFFFFA139AD5", "versionEndExcluding": "4.18.1.1", "versionStartIncluding": "4.9.1.0"}, {"criteria": "cpe:2.3:a:apache:cloudstack:4.19.0.0:*:*:*:*:*:*:*", "vulnerable": true, "matchCriteriaId": "51E212EC-AC62-4533-B3B2-A660807F0C1F"}], "operator": "OR"}]}], "sourceIdentifier": "security@apache.org"}