Home > Vulnerability Database > CVE-2024-45693

Mend.io Vulnerability Database

CVE-2024-45693

Date: October 16, 2024

Users logged into the Apache CloudStack's web interface can be tricked to submit malicious CSRF requests due to missing validation of the origin of the requests. This can allow an attacker to gain privileges and access to resources of the authenticated users and may lead to account takeover, disruption, exposure of sensitive data and compromise integrity of the resources owned by the user account that are managed by the platform.

Language: JS

Severity Score

8.0

Related Resources (6)

Url: https://cloudstack.apache.org/blog/security-release-advisory-4.18.2.4-4.19.1.2

Url: http://www.openwall.com/lists/oss-security/2024/10/15/5

Url: https://nvd.nist.gov/vuln/detail/CVE-2024-45693

Url: https://lists.apache.org/thread/ktsfjcnj22x4kg49ctock3d9tq7jnvlo

Url: https://seclists.org/oss-sec/2024/q4/28

Url: https://www.mend.io/vulnerability-database/CVE-2024-45693

Severity Score

8.0

Weakness Type (CWE)

Cross-Site Request Forgery (CSRF)

CWE-352

CVSS v3.1

Base Score:	8.0
Attack Vector (AV):	NETWORK
Attack Complexity (AC):	HIGH
Privileges Required (PR):	NONE
User Interaction (UI):	REQUIRED
Scope (S):	CHANGED
Confidentiality (C):	HIGH
Integrity (I):	HIGH
Availability (A):	NONE

Mend.io Vulnerability Database

We found results for “”

CVE-2024-45693

Date: October 16, 2024

Language: JS

Severity Score

Related Resources (6)

Severity Score

Weakness Type (CWE)

CVSS v3.1

Do you need more information?