CRITICAL🇵🇱 Wersja polska

CVE-2024-29006

CVSS 9.8v3.1pub. 2024-04-04upd. 2025-03-27

By default the CloudStack management server honours the x-forwarded-for HTTP header and logs it as the source IP of an API request. This could lead to authentication bypass and other operational problems should an attacker decide to spoof their IP address this way. Users are recommended to upgrade to CloudStack version 4.18.1.1 or 4.19.0.1, which fixes this issue.

🤖 AI Analysis
How it works

The CloudStack management server reads the x-forwarded-for header from incoming HTTP requests and records it as the actual client source address. An attacker can send any value in this header, impersonating a trusted IP address. This mechanism is classified as CWE-290 (Authentication Bypass by Spoofing) because the system does not verify the authenticity of the provided address. As a result, IP address-based access controls can be effectively bypassed.

Impact

An attacker can bypass authentication and IP address-based access control, gaining unauthorized access to the CloudStack management API. This can lead to complete takeover of cloud infrastructure, including data and resource reading, modification, and destruction.

Mitigation & patch

Apache CloudStack should be updated to version 4.18.1.1 or 4.19.0.1, which eliminate the described vulnerability. As additional security, it is advisable to restrict access to the management API exclusively to trusted networks at the firewall level.

Who is affected

Apache CloudStack in versions prior to 4.18.1.1 and 4.19.0.1

Analysis generated by Claude AI (Anthropic) based on NVD data. Always verify with vendor.
CVSS Vector
CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H
  • Apache Cloudstack

    APP
    Apache
    4.19.0.04.11.0.0 – 4.18.1.1 (bez)
🔵
CHECK WITH VENDOR
No clear patch data available. Check vendor references.
Tags
Auth Bypass
CWE
References

Related vulnerabilities

CVE-2026-25199CRITICAL9.1PL ✓ten sam produkt

Apache CloudStack: nieautoryzowany dostęp między tenantami przez rozszerzenie Proxmox

CVE-2024-39864CRITICAL9.8PL ✓ten sam produkt

Apache CloudStack — RCE przez niechroniony port integracyjny API

CVE-2024-38346CRITICAL9.8PL ✓ten sam produkt

Apache CloudStack — RCE przez nieuwierzytelniony port klastra (9090)

CVE-2022-35741CRITICAL9.8ten sam produkt

Apache CloudStack version 4.5.0 and later has a SAML 2.0 authentication Service Provider plugin which is found...

CVE-2019-17562CRITICAL9.8ten sam produkt

A buffer overflow vulnerability has been found in the baremetal component of Apache CloudStack. This applies t...