[ADVISORY] Apache CloudStack SAML Single Sign-On XXE (CVE-2022-35741)

2022-07-18 Thread Rohit Yadav
Apache CloudStack version 4.5.0 and later has a SAML 2.0 authentication Service Provider plugin which is found to be vulnerable to XML external entity (XXE) injection. This plugin is not enabled by default and the attacker would require that this plugin be enabled to exploit the vulnerability. When

Re: [ADVISORY] Apache CloudStack SAML Single Sign-On XXE (CVE-2022-35741)

2022-07-18 Thread Rohit Yadav
+ @Wido Hollander @Gabriel Beims Bräscher Wido, Gabriel, Request for building and publishing the deb/Ubuntu packages for 4.16.1.1 and 4.17.0.1 on http://download.cloudstack.org. The EL7 and EL8 packages are