CVE-2022-35741

Опубликовано: 18 июл. 2022

Источник: nvd

CVSS3: 9.8

EPSS Средний

Описание

Apache CloudStack version 4.5.0 and later has a SAML 2.0 authentication Service Provider plugin which is found to be vulnerable to XML external entity (XXE) injection. This plugin is not enabled by default and the attacker would require that this plugin be enabled to exploit the vulnerability. When the SAML 2.0 plugin is enabled in affected versions of Apache CloudStack could potentially allow the exploitation of XXE vulnerabilities. The SAML 2.0 messages constructed during the authentication flow in Apache CloudStack are XML-based and the XML data is parsed by various standard libraries that are now understood to be vulnerable to XXE injection attacks such as arbitrary file reading, possible denial of service, server-side request forgery (SSRF) on the CloudStack management server.

Ссылки

http://www.openwall.com/lists/oss-security/2022/07/18/2
Mailing List
Mitigation
Third Party Advisory
http://www.openwall.com/lists/oss-security/2022/07/20/1
Mailing List
Mitigation
Third Party Advisory
https://lists.apache.org/thread/hwhxvtwp1d5dsm156bsf1cnyvtmrfv3f
Issue Tracking
Mailing List
Mitigation
Patch
Vendor Advisory
http://www.openwall.com/lists/oss-security/2022/07/18/2
Mailing List
Mitigation
Third Party Advisory
http://www.openwall.com/lists/oss-security/2022/07/20/1
Mailing List
Mitigation
Third Party Advisory
https://lists.apache.org/thread/hwhxvtwp1d5dsm156bsf1cnyvtmrfv3f
Issue Tracking
Mailing List
Mitigation
Patch
Vendor Advisory

Уязвимые конфигурации

Конфигурация 1

Одно из

cpe:2.3:a:apache:cloudstack:*:*:*:*:*:*:*:*

Версия от 4.5.0 (включая) до 4.16.1.1 (исключая)

cpe:2.3:a:apache:cloudstack:4.17.0.0:*:*:*:*:*:*:*

EPSS

Процентиль: 97%

0.34432

Средний

9.8 Critical

CVSS3

Дефекты

CWE-611

Связанные уязвимости

GHSA-r3xj-vjpq-7cvq

CVSS3: 9.8

github

больше 3 лет назад

BDU:2022-04506

CVSS3: 10

fstec