What is CVE-2024-41107?

CVE-2024-41107 is a vulnerability in Apache Software Foundation Cloudstack, classified under Authentication Bypass by Spoofing. Published 2024-07-19.

Is CVE-2024-41107 known to be exploited?

25 public proof-of-concept repositories are indexed. Not currently listed in the CISA KEV catalog.

Vulnerability in Apache Software Foundation Cloudstack

CVE-2024-41107

The CloudStack SAML authentication (disabled by default) does not enforce signature check. In CloudStack environments where SAML authentication is enabled, an attacker that initiates CloudStack SAML single sign-on authentication can bypass…

EPSS: 0.920 (99.7th percentile) — read the EPSS interpretation.

Affected products

Apache Software Foundation Cloudstack — versions 4.5.0, 4.19.0.0

Weakness classification (CWE)

CWE-290 — Authentication Bypass by Spoofing

Public proof-of-concept exploits

References

lists.apache.org/thread/5q06g8zvmhcw6w3tjr6r5prqdw6zckg3 (mailing-list)
cloudstack.apache.org/blog/security-release-advisory-cve-2024-41107 (vendor-advisory)
github.com/apache/cloudstack/issues/4519 (issue-tracking)
www.shapeblue.com/shapeblue-security-advisory-apache-cloudstack-cve-2024-41107 (third-party-advisory)
www.openwall.com/lists/oss-security/2024/07/19/1
www.openwall.com/lists/oss-security/2024/07/19/2

Frequently asked questions

What is CVE-2024-41107?: CVE-2024-41107 is a vulnerability in Apache Software Foundation Cloudstack, classified under Authentication Bypass by Spoofing. Published 2024-07-19.
Is CVE-2024-41107 known to be exploited?: 25 public proof-of-concept repositories are indexed. Not currently listed in the CISA KEV catalog.