This is an automated email from the ASF dual-hosted git repository. rohit pushed a commit to branch staging-site in repository https://gitbox.apache.org/repos/asf/cloudstack-www.git
The following commit(s) were added to refs/heads/staging-site by this push: new d3c86513 blog: publish security release advisory d3c86513 is described below commit d3c86513440e8be7459abdbc7107516f204845d2 Author: Rohit Yadav <rohit.ya...@shapeblue.com> AuthorDate: Thu Apr 4 10:54:08 2024 +0530 blog: publish security release advisory Signed-off-by: Rohit Yadav <rohit.ya...@shapeblue.com> --- .../index.md | 64 ++++++++++++++++++++++ 1 file changed, 64 insertions(+) diff --git a/blog/2024-04-04-security-release-advisory-4.19.0.1-4.18.1.1/index.md b/blog/2024-04-04-security-release-advisory-4.19.0.1-4.18.1.1/index.md new file mode 100644 index 00000000..afa7f788 --- /dev/null +++ b/blog/2024-04-04-security-release-advisory-4.19.0.1-4.18.1.1/index.md 
@@ -0,0 +1,64 @@ +--- +layout: post +title: "[ADVISORY] Apache CloudStack Security Releases 4.18.1.1 and 4.19.0.1" +tags: [announcement] +authors: [rohit] +slug: security-release-advisory-4.19.0.1-4.18.1.1 +--- + +Apache CloudStack security releases 4.18.1.1 and 4.19.0.1 address the CVEs +listed below. Affected users are recommended to upgrade their CloudStack +installations. + +<!-- truncate --> + +[**CVE-2024-29006**](https://www.cve.org/CVERecord?id=CVE-2024-29006): x-forwarded-for HTTP header parsed by default + +Severity: moderate + +Description: By default the CloudStack management server honours the +x-forwarded-for HTTP header and logs it as the source IP of an API +request. This could lead to authentication bypass and other +operational problems should an attacker decide to spoof their IP +address this way. + +Affected versions: Apache CloudStack 4.11.0.0 through 4.18.1.0, and 4.19.0.0 + +Credit: Yuyang Xiao < superxyy...@gmail.com > (finder) + +[**CVE-2024-29007**](https://www.cve.org/CVERecord?id=CVE-2024-29007): When +downloading templates or ISOs, the management server and SSVM follow HTTP +redirects with potentially dangerous consequences + +Severity: moderate + +Affected versions: Apache CloudStack 4.9.1.0 through 4.18.1.0, and 4.19.0.0 + +Description: The CloudStack management server and secondary storage VM could be +tricked into making requests to restricted or random resources by +means of following 301 HTTP redirects presented by external servers +when downloading templates or ISOs. Users are recommended to upgrade +to version 4.18.1.1 or 4.19.0.1, which fixes this issue. 
+ +Credit: Yuyang Xiao < superxyy...@gmail.com > (finder) + +[**CVE-2024-29008**](https://www.cve.org/CVERecord?id=CVE-2024-29008): The +extraconfig feature can be abused to load hypervisor resources on a VM instance + +Severity: critical + +Affected versions: Apache CloudStack 4.14.0.0 through 4.18.1.0, and 4.19.0.0 + +Description: A problem has been identified in the CloudStack additional VM +configuration (extraconfig) feature which can be misused by anyone who +has privilege to deploy a VM instance or configure settings of an +already deployed VM instance, to configure additional VM configuration +even when the feature is not explicitly enabled by the administrator. +In a KVM based CloudStack environment, an attacker can exploit this +issue to attach host devices such as storage disks, and PCI and USB +devices such as network adapters and GPUs, in a regular VM instance +that can be further exploited to gain access to the underlying network +and storage infrastructure resources, and access any VM instance disks +on the local storage. + +Credit: Wei Zhou < ustcweiz...@gmail.com > (finder)
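Review bot: the three advisory entries in this hunk use inconsistent field order: the CVE-2024-29006 entry lists "Description:" before "Affected versions:", while the CVE-2024-29007 and CVE-2024-29008 entries put "Affected versions:" first; pick one order (Severity, Affected versions, Description, Credit works well) and apply it to all three. Also, only the CVE-2024-29007 description closes with an explicit remediation sentence ("Users are recommended to upgrade to version 4.18.1.1 or 4.19.0.1, which fixes this issue."); the CVE-2024-29006 entry and the critical CVE-2024-29008 entry would benefit from the same closing line, so each entry remains actionable when it is quoted on its own rather than relying on the recommendation in the post's introduction.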