We use these services and cookies to improve your user experience. You may opt out if you wish, however, this may limit some features on this site.

Please see our statement on Data Privacy.

Crisp.chat (Helpdesk and Chat)

Ok

THREATINT
PUBLISHED

CVE-2024-21545



Description

Proxmox Virtual Environment is an open-source server management platform for enterprise virtualization. Insufficient safeguards against malicious API response values allow authenticated attackers with 'Sys.Audit' or 'VM.Monitor' privileges to download arbitrary host files via the API. When handling the result from a request handler before returning it to the user, the handle_api2_request function will check for the ‘download’ or ‘data’->’download’ objects inside the request handler call response object. If present, handle_api2_request will read a local file defined by this object and return it to the user. Two endpoints were identified which can control the object returned by a request handler sufficiently that the ’download’ object is defined and user controlled. This results in arbitrary file read. The privileges of this file read can result in full compromise of the system by various impacts such as disclosing sensitive files allowing for privileged session forgery.

Reserved 2023-12-22 | Published 2024-09-24 | Updated 2024-09-24 | Assigner snyk


HIGH: 8.2CVSS:3.1/AV:N/AC:H/PR:L/UI:N/S:C/C:H/I:H/A:N

Problem types

External Control of File Name or Path

Product status

Any version before 7.4-19
affected

8.0.0 before 8.2.7
affected

Any version before 7.4-4
affected

8.0.0 before 8.2.5
affected

3.2-1 before 4.3.0
affected

5.0.0 before 5.1.1
affected

Any version before 7.3-12
affected

8.0.0 before 8.1.4
affected

Any version before 8.2.3
affected

Any version before 8.2.5
affected

Credits

Rory McNamara (Snyk Security Research)

References

git.proxmox.com/...8102d2eea9235720852fb60d90f405d0a;hb=HEAD

forum.proxmox.com/...-security-advisories.149331/post-705345

cve.org (CVE-2024-21545)

nvd.nist.gov (CVE-2024-21545)

Download JSON

Share this page
https://cve.threatint.com/CVE/CVE-2024-21545

Support options

Helpdesk Chat, Email, Knowledgebase
Telegram Chat
Subscribe to our newsletter to learn more about our work.