Home > Vulnerability Database > CVE-2024-29006

Mend.io Vulnerability Database

CVE-2024-29006

Date: April 4, 2024

By default the CloudStack management server honours the x-forwarded-for HTTP header and logs it as the source IP of an API request. This could lead to authentication bypass and other operational problems should an attacker decide to spoof their IP address this way. Users are recommended to upgrade to CloudStack version 4.18.1.1 or 4.19.0.1, which fixes this issue.

Language: Java

Severity Score

9.8

Related Resources (3)

Url: https://nvd.nist.gov/vuln/detail/CVE-2024-29006

Url: https://lists.apache.org/thread/82f46pv7mvh95ybto5hn8wlo6g8jhjvp

Url: https://www.mend.io/vulnerability-database/CVE-2024-29006

Severity Score

9.8

Weakness Type (CWE)

Authentication Bypass by Spoofing

CWE-290

CVSS v3.1

Base Score:	9.8
Attack Vector (AV):	NETWORK
Attack Complexity (AC):	LOW
Privileges Required (PR):	NONE
User Interaction (UI):	NONE
Scope (S):	UNCHANGED
Confidentiality (C):	HIGH
Integrity (I):	HIGH
Availability (A):	HIGH

Mend.io Vulnerability Database

We found results for “”

CVE-2024-29006

Date: April 4, 2024

Language: Java

Severity Score

Related Resources (3)

Severity Score

Weakness Type (CWE)

CVSS v3.1

Do you need more information?