CVERadar

CVE-2024-41107

Severity: Medium
Vendor: Apache
SVRS: 36/100
CVSSv3: 8.1/10
EPSS: 0.92902/1

CVE-2024-41107 is a critical security vulnerability in Apache CloudStack's SAML authentication. This flaw allows attackers to bypass SAML authentication by submitting spoofed SAML responses, potentially leading to complete compromise of user accounts. Although the CVSS score is 8.1, the SOCRadar Vulnerability Risk Score (SVRS) is 36, suggesting a lower immediate risk. However, the presence of the "Exploit Available" and "In The Wild" tags indicates active exploitation: attackers have working exploits and are actively using them, which increases the urgency. Because the affected versions do not check signatures on SAML responses, attackers can gain unauthorized access. Affected users should disable SAML authentication or upgrade to patched versions immediately to mitigate this serious threat. The absence of proper signature enforcement in SAML creates a significant attack vector.

Tags: In The Wild, Exploit Available, Third-party-advisory, Issue-tracking, Vendor-advisory, Mailing-list
CVSS vector: CVSS:3.1/AV:N/AC:H/PR:N/UI:N/S:U/C:H/I:H/A:H
2025-03-19

2024-07-19
SOCRadar AI Insight

Description

CVE-2024-41107 is a vulnerability in the CloudStack SAML authentication mechanism that allows an attacker to bypass authentication by submitting a spoofed SAML response without a signature. This vulnerability has a CVSS score of 8.1 and an SVRS of 46, indicating a moderate level of severity.

Key Insights

  • Exploitation in the Wild: Active exploits have been published for this vulnerability, indicating that it is actively being exploited by attackers.
  • Complete Account Compromise: Successful exploitation of this vulnerability can lead to the complete compromise of resources owned or accessible by a SAML-enabled user account.
  • Default Disabled: The SAML authentication feature is disabled by default, reducing the risk of exploitation. However, organizations that have enabled SAML authentication are at risk.

Mitigation Strategies

  • Disable SAML Authentication: Disable the SAML authentication plugin by setting the "saml2.enabled" global setting to "false."
  • Upgrade CloudStack: Upgrade to CloudStack version 4.18.2.2, 4.19.1.0, or later, which addresses this vulnerability.
  • Monitor for Suspicious Activity: Monitor logs and security alerts for any suspicious activity that may indicate exploitation attempts.

Additional Information

  • The Cybersecurity and Infrastructure Security Agency (CISA) has warned of this vulnerability, calling for immediate and necessary measures.
  • Users with additional queries regarding this incident can use the 'Ask to Analyst' feature, contact SOCRadar directly, or open a support ticket for more information.

Indicators of Compromise

No IOCs found for this CVE

Exploits

Title: d0rb/CVE-2024-41107
Software Link: https://github.com/d0rb/CVE-2024-41107
Date: 2024-07-23

News

CVE-2024-41107 | Apache CloudStack up to 4.18.2.1/4.19.0.2 CloudStack SAML Authentication authentication spoofing (ID 4519)
vuldb.com, 2024-07-19
CVE-2024-41107 | Apache CloudStack up to 4.18.2.1/4.19.0.2 CloudStack SAML Authentication authentication spoofing (ID 4519) | A vulnerability, which was classified as critical, was found in Apache CloudStack up to 4.18.2.1/4.19.0.2. This affects an unknown part of the component CloudStack SAML Authentication. The manipulation leads to authentication bypass by spoofing. This vulnerability is uniquely identified as CVE-2024-41107. The attack needs to

[ANNOUNCE] Apache CloudStack CVE-2024-41107: SAML Signature Exclusion
seclists.org, 2024-07-19
[ANNOUNCE] Apache CloudStack CVE-2024-41107: SAML Signature Exclusion | Posted by Abhishek Kumar on Jul 19. Apache CloudStack project announces the release of LTS releases 4.19.1.0 and 4.18.2.2 that addresses CVE-2024-41107 that affects CloudStack SAML users, of severity 'important' explained below. # CVE-2024-41107: SAML Signature Exclusion The CloudStack SAML authentication (disabled by default) does not enforce signature check. In CloudStack environments where SAML authentication is

CVE-2024-41107: Apache CloudStack: SAML Signature Exclusion
seclists.org, 2024-07-19
CVE-2024-41107: Apache CloudStack: SAML Signature Exclusion | Posted by Rohit Yadav on Jul 19. Severity: important. Affected versions: - Apache CloudStack 4.5.0 through 4.18.2.1 - Apache CloudStack 4.19.0.0 through 4.19.0.2. Description: The CloudStack SAML authentication (disabled by default) does not enforce signature check. In CloudStack environments where SAML authentication is enabled, an attacker that initiates CloudStack SAML single sign-on authentication can

Social Media

CVE-2024-41107: The CloudStack SAML authentication (disabled by default) ...attacker that initiates CloudStack SAML single sign-on authentication bypass... PoC https://t.co/tdnIQjuRRQ https://t.co/xWpmUex3eh

『 In CloudStack environments where SAML authentication is enabled, an attacker that initiates CloudStack SAML single sign-on authentication can bypass SAML authentication』 [ADVISORY] Apache CloudStack CVE-2024-41107: SAML Signature Exclusion https://t.co/0IsPA64aaa iocs: https://cloudstack.apache.org/blog/security-release-advisory-cve-2024-41107/

CVE-2024-41107: Apache CloudStack Vulnerability Exposes User Accounts to Compromise https://t.co/Geh5lol3Wx

ShapeBlue Security Advisory: Apache CloudStack CVE-2024-41107 SAML Signature Exclusion https://t.co/4QwpY10nIp

CVE-2024-41107 The CloudStack SAML authentication (disabled by default) does not enforce signature check. In CloudStack environments where SAML authentication is enabled, an attacke… https://t.co/WrX6TFGO2h

The Apache CloudStack project has announced an advisory against CVE-2024-41107, which affects CloudStack SAML users and is of severity ‘important’. Read the ShapeBlue Security advisory here and take action: https://t.co/cOxG0wTArb

Affected Software

Configuration 1
Type: App
Vendor: Apache
Product: cloudstack

References

Reference links (the same six links are listed by each of the record's reporting sources; duplicates collapsed):
  • https://cloudstack.apache.org/blog/security-release-advisory-cve-2024-41107
  • https://github.com/apache/cloudstack/issues/4519
  • https://lists.apache.org/thread/5q06g8zvmhcw6w3tjr6r5prqdw6zckg3
  • https://www.shapeblue.com/shapeblue-security-advisory-apache-cloudstack-cve-2024-41107
  • http://www.openwall.com/lists/oss-security/2024/07/19/1
  • http://www.openwall.com/lists/oss-security/2024/07/19/2

CWE Details

CWE ID: CWE-290
CWE Name: Authentication Bypass by Spoofing
Description: This attack-focused weakness is caused by improperly implemented authentication schemes that are subject to spoofing attacks.
