Goal Reached Thanks to every supporter — we hit 100%!

Goal: 1000 CNY · Raised: 1000 CNY

100.0%
Buy Us a Coffee

CVE-2024-41107— Apache CloudStack: SAML Signature Exclusion

EPSS 92.00% · P100
Get alerts for future matching vulnerabilitiesLog in to subscribe

I. Basic Information for CVE-2024-41107

Vulnerability Information
Have questions about the vulnerability? See if Shenlong's analysis helps!
View Shenlong Deep Dive ↗

Although we use advanced large model technology, its output may still contain inaccurate or outdated information.Shenlong tries to ensure data accuracy, but please verify and judge based on the actual situation.

Vulnerability Title
Apache CloudStack: SAML Signature Exclusion
Source: NVD (National Vulnerability Database)
Vulnerability Description
The CloudStack SAML authentication (disabled by default) does not enforce signature check. In CloudStack environments where SAML authentication is enabled, an attacker that initiates CloudStack SAML single sign-on authentication can bypass SAML authentication by submitting a spoofed SAML response with no signature and known or guessed username and other user details of a SAML-enabled CloudStack user-account. In such environments, this can result in a complete compromise of the resources owned and/or accessible by a SAML enabled user-account. Affected users are recommended to disable the SAML authentication plugin by setting the "saml2.enabled" global setting to "false", or upgrade to version 4.18.2.2, 4.19.1.0 or later, which addresses this issue.
Source: NVD (National Vulnerability Database)
CVSS Information
N/A
Source: NVD (National Vulnerability Database)
Vulnerability Type
使用欺骗进行的认证绕过
Source: NVD (National Vulnerability Database)
Vulnerability Title
Apache CloudStack 安全漏洞
Source: CNNVD (China National Vulnerability Database)
Vulnerability Description
Apache CloudStack是美国阿帕奇(Apache)基金会的一套基础架构即服务(IaaS)云计算平台。该平台主要用于部署和管理大型虚拟机网络。 Apache CloudStack存在安全漏洞,该漏洞源于身份验证不强制执行签名检查,攻击者可以通过提交没有签名的欺骗SAML响应以及启用SAML的CloudStack用户帐户来绕过SAML身份验证。
Source: CNNVD (China National Vulnerability Database)
CVSS Information
N/A
Source: CNNVD (China National Vulnerability Database)
Vulnerability Type
N/A
Source: CNNVD (China National Vulnerability Database)

Shenlong Deep Dive — AI Deep Analysis

10-question deep dive: root cause, exploitation, mitigation, urgency. Read summary free, full version requires login.

Read summary Full analysis (login)

Affected Products

VendorProductAffected VersionsCPESubscribe
Apache Software FoundationApache CloudStack 4.5.0 ~ 4.18.2.1 -

II. Public POCs for CVE-2024-41107

#POC DescriptionSource LinkShenlong Link
1This repository contains an PoC for the critical vulnerability identified as CVE-2024-41107 in Apache CloudStackhttps://github.com/d0rb/CVE-2024-41107POC Details
2The CloudStack SAML authentication (disabled by default) does not enforce signature check. In CloudStack environments where SAML authentication is enabled, an attacker that initiates CloudStack SAML single sign-on authentication can bypass SAML authentication by submitting a spoofed SAML response with no signature and known or guessed username and other user details of a SAML-enabled CloudStack user-account https://github.com/projectdiscovery/nuclei-templates/blob/main/http/cves/2024/CVE-2024-41107.yamlPOC Details
AI-Generated POCPremium

No public POC found.

Login to generate AI POC

III. Intelligence Information for CVE-2024-41107

登录查看更多情报信息。

Same Patch Batch · Apache Software Foundation · 2024-07-19 · 4 CVEs total

CVE-2024-41172Apache CXF: Unrestricted memory consumption in CXF HTTP clients
CVE-2024-32007Apache CXF Denial of Service vulnerability in JOSE
CVE-2024-29736Apache CXF: SSRF vulnerability via WADL stylesheet parameter

IV. Related Vulnerabilities

Same product: Apache CloudStack
Same vendor: Apache Software Foundation
Same weakness: CWE-290

V. Comments for CVE-2024-41107

No comments yet

Leave a comment