Public exploit available
Public proof-of-concept or exploit code exists (ExploitDB / Metasploit / Nuclei).

CVE-2024-41107

CWE-290 | 5 documents | 5 sources
Severity: 8.1 HIGH
EPSS: 92.0% (top 0.30%)
CISA KEV: Not in KEV
Exploit: PoC available (public exploit / PoC exists)
Timeline: Published Jul 19 | Latest update Sep 30

Description

The CloudStack SAML authentication (disabled by default) does not enforce signature check. In CloudStack environments where SAML authentication is enabled, an attacker that initiates CloudStack SAML single sign-on authentication can bypass SAML authentication by submitting a spoofed SAML response with no signature and known or guessed username and other user details of a SAML-enabled CloudStack user-account. In such environments, this can result in a complete compromise of the resources owned an

CVSS vector

CVSS:3.1/AV:N/AC:H/PR:N/UI:N/S:U/C:H/I:H/A:H
Exploitability: 2.2 | Impact: 5.9

Affected Packages (2 packages)

NVD | apache/cloudstack | 4.5.0 | 4.18.2.2 | +1
CVEListV5 | apache_software_foundation/apache_cloudstack | 4.5.0 | 4.18.2.1 | +1

🔴 Vulnerability Details (2)

GHSA | GHSA-gmm6-5xx7-57r6: The CloudStack SAML authentication (disabled by default) does not enforce signature check | 2024-07-19
CVEList | Apache CloudStack: SAML Signature Exclusion | 2024-07-19

💥 Exploits & PoCs (1)

Nuclei | Apache CloudStack - SAML Signature Exclusion

🔍 Detection Rules (1)

Suricata | ET WEB_SPECIFIC_APPS Apache CloudStack SAML Authentication Bypass (CVE-2024-41107) | 2024-09-30
CVE-2024-41107 (HIGH CVSS 8.1) | The CloudStack SAML authentication | cvebase.io