First published: Fri Jul 19 2024
The CloudStack SAML authentication plugin (disabled by default) does not enforce signature checks on SAML responses. In CloudStack environments where SAML authentication is enabled, an attacker who initiates a CloudStack SAML single sign-on authentication can bypass it by submitting a spoofed SAML response that carries no signature, together with the known or guessed username and other user details of a SAML-enabled CloudStack user account. In such environments, this can result in a complete compromise of the resources owned by and/or accessible to that user account. Affected users are recommended to disable the SAML authentication plugin by setting the "saml2.enabled" global setting to "false", or to upgrade to version 4.18.2.2, 4.19.1.0 or later, which addresses this issue.
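The following is an added example, not code from Apache CloudStack or from the advisory. It models the failure the advisory describes with a toy SAML response processor: the "vulnerable" function verifies a signature only when one is present, so a spoofed response with no signature and a guessed NameID is accepted; the "hardened" function treats a missing signature as a failed check. Assumptions: the IdP's XML-DSig RSA signature is replaced by an HMAC-SHA256 over the serialised `<saml:Assertion>` under a constructed shared key, plain ElementTree serialisation stands in for C14N canonicalisation, and every URL, ID and username below is constructed.

```python
"""Toy SAML Response validation in the shape described by CVE-2024-41107.

Added example; not Apache CloudStack's or OpenSAML's code. Assumptions:
the IdP signs the serialised <saml:Assertion> with HMAC-SHA256 under a
constructed shared key (stand-in for an RSA XML-DSig signature), and
ElementTree serialisation stands in for XML canonicalisation (C14N).
"""
import base64
import hashlib
import hmac
import xml.etree.ElementTree as ET

NS = {
    "samlp": "urn:oasis:names:tc:SAML:2.0:protocol",
    "saml": "urn:oasis:names:tc:SAML:2.0:assertion",
    "ds": "http://www.w3.org/2000/09/xmldsig#",
}
for _prefix, _uri in NS.items():
    ET.register_namespace(_prefix, _uri)

IDP_KEY = b"constructed-idp-signing-key"  # constructed; stands in for the IdP key


def _canonical(assertion: ET.Element) -> bytes:
    # Stand-in for C14N: serialise the Assertion subtree deterministically.
    return ET.tostring(assertion, encoding="utf-8")


def _sign(assertion: ET.Element, key: bytes) -> str:
    mac = hmac.new(key, _canonical(assertion), hashlib.sha256).digest()
    return base64.b64encode(mac).decode()


def _verify(assertion: ET.Element, signature_b64: str, key: bytes) -> bool:
    try:
        presented = base64.b64decode(signature_b64, validate=True)
    except (ValueError, TypeError):
        return False
    expected = hmac.new(key, _canonical(assertion), hashlib.sha256).digest()
    return hmac.compare_digest(presented, expected)


def build_response(name_id: str, sign: bool, key: bytes = IDP_KEY) -> bytes:
    """Build a <samlp:Response>. sign=False mimics the attacker's spoofed,
    unsigned response carrying a guessed username."""
    resp = ET.Element(f"{{{NS['samlp']}}}Response", ID="_r1", Version="2.0")
    status = ET.SubElement(resp, f"{{{NS['samlp']}}}Status")
    ET.SubElement(status, f"{{{NS['samlp']}}}StatusCode",
                  Value="urn:oasis:names:tc:SAML:2.0:status:Success")
    assertion = ET.SubElement(resp, f"{{{NS['saml']}}}Assertion", ID="_a1", Version="2.0")
    ET.SubElement(assertion, f"{{{NS['saml']}}}Issuer").text = "https://idp.example/constructed"
    subject = ET.SubElement(assertion, f"{{{NS['saml']}}}Subject")
    ET.SubElement(subject, f"{{{NS['saml']}}}NameID").text = name_id
    if sign:
        sig = ET.SubElement(resp, f"{{{NS['ds']}}}Signature")
        ET.SubElement(sig, f"{{{NS['ds']}}}SignatureValue").text = _sign(assertion, key)
    return ET.tostring(resp, encoding="utf-8")


def _extract(response_xml: bytes):
    root = ET.fromstring(response_xml)
    assertion = root.find("saml:Assertion", NS)
    sig = root.find("ds:Signature/ds:SignatureValue", NS)
    name_id = root.find("saml:Assertion/saml:Subject/saml:NameID", NS)
    return assertion, sig, name_id


def vulnerable_login(response_xml: bytes, key: bytes = IDP_KEY):
    """Vulnerable shape: the signature is checked only if one is present.
    Returns the username the SP would log in, or None."""
    assertion, sig, name_id = _extract(response_xml)
    if assertion is None or name_id is None:
        return None
    if sig is not None and not _verify(assertion, sig.text or "", key):
        return None  # a bad signature is rejected ...
    return name_id.text  # ... but an absent one falls through: BUG


def hardened_login(response_xml: bytes, key: bytes = IDP_KEY):
    """Hardened shape: no valid signature, no login."""
    assertion, sig, name_id = _extract(response_xml)
    if assertion is None or name_id is None:
        return None
    if sig is None or not sig.text:
        return None  # missing signature is a hard failure, not "nothing to check"
    if not _verify(assertion, sig.text, key):
        return None
    return name_id.text


def tamper_name_id(response_xml: bytes, new_name: str) -> bytes:
    """Rewrite the NameID of a signed response without re-signing it."""
    root = ET.fromstring(response_xml)
    root.find("saml:Assertion/saml:Subject/saml:NameID", NS).text = new_name
    return ET.tostring(root, encoding="utf-8")


if __name__ == "__main__":
    spoofed = build_response("admin", sign=False)  # attacker: guessed name, no signature
    print("vulnerable:", vulnerable_login(spoofed))  # admin (bypass)
    print("hardened:  ", hardened_login(spoofed))    # None
```

The tampered and wrong-key cases show that both versions reject a response whose signature fails; the two differ only on the response that has no signature at all, which is exactly the case the advisory describes.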
Credit: security@apache.org
| Affected Software | Affected Version | How to fix |
|---|---|---|
| Apache CloudStack | >=4.5.0 <4.18.2.2 | Upgrade to 4.18.2.2 or later, or set the `saml2.enabled` global setting to `false` |
| Apache CloudStack | >=4.19.0.0 <4.19.1.0 | Upgrade to 4.19.1.0 or later, or set the `saml2.enabled` global setting to `false` |
CVE-2024-41107 is considered a high-severity vulnerability because it lets an attacker who holds no valid credentials bypass SAML authentication with a spoofed, unsigned SAML response and act as the targeted SAML-enabled user account.
To fix CVE-2024-41107, upgrade Apache CloudStack to 4.18.2.2 or 4.19.1.0 (or later); where an upgrade cannot be applied immediately, disable the SAML plugin by setting the `saml2.enabled` global setting to `false`. These are the only mitigations the advisory gives; it does not describe a configuration setting that makes affected versions enforce signature checks.
CVE-2024-41107 affects Apache CloudStack versions from 4.5.0 up to but not including 4.18.2.2, and from 4.19.0.0 up to but not including 4.19.1.0.
CVE-2024-41107 only impacts CloudStack installations where SAML authentication is enabled.
SAML authentication is disabled by default in CloudStack, so an installation is exposed to CVE-2024-41107 only if an administrator has enabled the SAML plugin; with the default settings the issue cannot be exploited.
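An added helper, not part of the advisory or of CloudStack, that turns the two affected ranges and the `saml2.enabled` setting into an exposure decision. It avoids two common mistakes in ad-hoc checks: comparing version strings lexically (which orders "4.5.0" after "4.18.x") and treating the fix as a single threshold (4.18.2.2 is fixed, but 4.19.0.0 is affected until 4.19.1.0). The version strings and setting values passed in are constructed; the function assumes the setting value arrives as the strings "true" or "false".

```python
"""Exposure check for CVE-2024-41107 (added example, not CloudStack code)."""

# Half-open [lo, hi) ranges from the advisory, padded to four components.
AFFECTED_RANGES = [
    ((4, 5, 0, 0), (4, 18, 2, 2)),
    ((4, 19, 0, 0), (4, 19, 1, 0)),
]


def parse_version(version: str) -> tuple:
    """'4.18.1.0', '4.5.0' or '4.19.0.0-SNAPSHOT' -> a four-component tuple."""
    core = version.strip().split("-")[0].split("+")[0]
    parts = tuple(int(p) for p in core.split("."))
    return parts + (0,) * (4 - len(parts))


def is_vulnerable_version(version: str) -> bool:
    """True when the version lies in one of the affected ranges.
    Tuple comparison is numeric per component, unlike string comparison."""
    ver = parse_version(version)
    return any(lo <= ver < hi for lo, hi in AFFECTED_RANGES)


def exposure(version: str, saml2_enabled: str) -> str:
    """Combine version and the saml2.enabled global setting (assumed to be
    the string 'true'/'false') into a single verdict."""
    if not is_vulnerable_version(version):
        return "not affected"
    if saml2_enabled.strip().lower() == "true":
        return "exposed"
    return "affected version, SAML disabled"


if __name__ == "__main__":
    for v, s in [("4.18.1.0", "true"), ("4.18.2.2", "true"),
                 ("4.19.0.0", "false"), ("4.19.1.0", "true")]:
        print(v, s, "->", exposure(v, s))
```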