The CloudStack SAML authentication (disabled by default) does not enforce signature check. In CloudStack environments where SAML authentication is enabled, an attacker that initiates CloudStack SAML single sign-on authentication can bypass SAML authentication by submitting a spoofed SAML response with no signature and known or guessed username and other user details of a SAML-enabled CloudStack user-account. In such environments, this can result in a complete compromise of the resources owned and/or accessible by a SAML enabled user-account. Affected users are recommended to disable the SAML authentication plugin by setting the "saml2.enabled" global setting to "false", or upgrade to version 4.18.2.2, 4.19.1.0 or later, which addresses this issue.
History

Tue, 10 Sep 2024 15:00:00 +0000

Type Values Removed Values Added
First Time appeared Apache
Apache cloudstack
CPEs cpe:2.3:a:apache:cloudstack:*:*:*:*:*:*:*:*
Vendors & Products Apache
Apache cloudstack

cve-icon MITRE

Status: PUBLISHED

Assigner: apache

Published: 2024-07-19T10:19:53.995Z

Updated: 2024-08-02T04:46:52.354Z

Reserved: 2024-07-12T22:43:29.015Z

Link: CVE-2024-41107

cve-icon Vulnrichment

Updated: 2024-08-02T04:46:52.354Z

cve-icon NVD

Status : Analyzed

Published: 2024-07-19T11:15:03.323

Modified: 2024-09-10T14:30:55.217

Link: CVE-2024-41107

cve-icon Redhat

No data.