Vulnerabilites related to apache - cloudstack
Vulnerability from fkie_nvd
Published
2024-10-16 08:15
Modified
2024-11-21 09:37
Severity ?
6.3 (Medium) - CVSS:3.1/AV:L/AC:H/PR:N/UI:R/S:U/C:H/I:H/A:N
7.1 (High) - CVSS:3.1/AV:L/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:N
7.1 (High) - CVSS:3.1/AV:L/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:N
Summary
The logout operation in the CloudStack web interface does not expire the user session completely which is valid until expiry by time or restart of the backend service. An attacker that has access to a user's browser can use an unexpired session to gain access to resources owned by the logged out user account. This issue affects Apache CloudStack from 4.15.1.0 through 4.18.2.3; and from 4.19.0.0 through 4.19.1.1.
Users are recommended to upgrade to Apache CloudStack 4.18.2.4 or 4.19.1.2, or later, which addresses this issue.
References
Impacted products
| Vendor | Product | Version | |
|---|---|---|---|
| apache | cloudstack | * | |
| apache | cloudstack | * |
{
"configurations": [
{
"nodes": [
{
"cpeMatch": [
{
"criteria": "cpe:2.3:a:apache:cloudstack:*:*:*:*:*:*:*:*",
"matchCriteriaId": "174E314B-9CD8-445B-AE96-A9AC4D5D8B80",
"versionEndExcluding": "4.18.2.4",
"versionStartIncluding": "4.15.1.0",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:apache:cloudstack:*:*:*:*:*:*:*:*",
"matchCriteriaId": "6B851F50-43E1-4DD1-989E-94676D12EC33",
"versionEndExcluding": "4.19.1.2",
"versionStartIncluding": "4.19.0.0",
"vulnerable": true
}
],
"negate": false,
"operator": "OR"
}
]
}
],
"cveTags": [],
"descriptions": [
{
"lang": "en",
"value": "The logout operation in the CloudStack web interface does not expire the user session completely which is valid until expiry by time or restart of the backend service. An attacker that has access to a user\u0027s browser can use an unexpired session to gain access to resources owned by the logged out user account. This issue affects Apache CloudStack from 4.15.1.0 through 4.18.2.3; and from 4.19.0.0 through 4.19.1.1.\n\n\n\n\nUsers are recommended to upgrade to Apache CloudStack 4.18.2.4 or 4.19.1.2, or later, which addresses this issue."
},
{
"lang": "es",
"value": "La operaci\u00f3n de cierre de sesi\u00f3n en la interfaz web de CloudStack no hace que la sesi\u00f3n del usuario caduque por completo, lo que es v\u00e1lido hasta que caduque por tiempo o se reinicie el servicio de backend. Un atacante que tenga acceso al navegador de un usuario puede usar una sesi\u00f3n vigente para obtener acceso a los recursos que posee la cuenta de usuario que cerr\u00f3 la sesi\u00f3n. Este problema afecta a Apache CloudStack desde la versi\u00f3n 4.15.1.0 hasta la 4.18.2.3 y desde la versi\u00f3n 4.19.0.0 hasta la 4.19.1.1. Se recomienda a los usuarios que actualicen a Apache CloudStack 4.18.2.4 o 4.19.1.2, o una versi\u00f3n posterior, que soluciona este problema."
}
],
"id": "CVE-2024-45462",
"lastModified": "2024-11-21T09:37:48.420",
"metrics": {
"cvssMetricV31": [
{
"cvssData": {
"attackComplexity": "HIGH",
"attackVector": "LOCAL",
"availabilityImpact": "NONE",
"baseScore": 6.3,
"baseSeverity": "MEDIUM",
"confidentialityImpact": "HIGH",
"integrityImpact": "HIGH",
"privilegesRequired": "NONE",
"scope": "UNCHANGED",
"userInteraction": "REQUIRED",
"vectorString": "CVSS:3.1/AV:L/AC:H/PR:N/UI:R/S:U/C:H/I:H/A:N",
"version": "3.1"
},
"exploitabilityScore": 1.0,
"impactScore": 5.2,
"source": "security@apache.org",
"type": "Secondary"
},
{
"cvssData": {
"attackComplexity": "LOW",
"attackVector": "LOCAL",
"availabilityImpact": "NONE",
"baseScore": 7.1,
"baseSeverity": "HIGH",
"confidentialityImpact": "HIGH",
"integrityImpact": "HIGH",
"privilegesRequired": "NONE",
"scope": "UNCHANGED",
"userInteraction": "REQUIRED",
"vectorString": "CVSS:3.1/AV:L/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:N",
"version": "3.1"
},
"exploitabilityScore": 1.8,
"impactScore": 5.2,
"source": "nvd@nist.gov",
"type": "Primary"
}
]
},
"published": "2024-10-16T08:15:05.933",
"references": [
{
"source": "security@apache.org",
"tags": [
"Vendor Advisory"
],
"url": "https://cloudstack.apache.org/blog/security-release-advisory-4.18.2.4-4.19.1.2"
},
{
"source": "security@apache.org",
"tags": [
"Vendor Advisory"
],
"url": "https://cloudstack.apache.org/blog/security-release-advisory-4.18.2.4-4.19.1.2"
},
{
"source": "security@apache.org",
"tags": [
"Vendor Advisory"
],
"url": "https://cloudstack.apache.org/blog/security-release-advisory-4.18.2.4-4.19.1.2"
},
{
"source": "security@apache.org",
"tags": [
"Vendor Advisory"
],
"url": "https://cloudstack.apache.org/blog/security-release-advisory-4.18.2.4-4.19.1.2"
},
{
"source": "security@apache.org",
"tags": [
"Vendor Advisory"
],
"url": "https://lists.apache.org/thread/ktsfjcnj22x4kg49ctock3d9tq7jnvlo"
},
{
"source": "af854a3a-2127-422b-91ae-364da2661108",
"url": "http://www.openwall.com/lists/oss-security/2024/10/15/4"
}
],
"sourceIdentifier": "security@apache.org",
"vulnStatus": "Modified",
"weaknesses": [
{
"description": [
{
"lang": "en",
"value": "CWE-613"
}
],
"source": "security@apache.org",
"type": "Primary"
}
]
}
Vulnerability from fkie_nvd
Published
2016-02-08 19:59
Modified
2025-04-12 10:46
Severity ?
Summary
Apache CloudStack before 4.5.2 does not properly preserve VNC passwords when migrating KVM virtual machines, which allows remote attackers to gain access by connecting to the VNC server.
References
Impacted products
| Vendor | Product | Version | |
|---|---|---|---|
| apache | cloudstack | * |
{
"configurations": [
{
"nodes": [
{
"cpeMatch": [
{
"criteria": "cpe:2.3:a:apache:cloudstack:*:*:*:*:*:*:*:*",
"matchCriteriaId": "6C39C06E-4113-4728-91B2-78043DBBAF73",
"versionEndIncluding": "4.5.1",
"vulnerable": true
}
],
"negate": false,
"operator": "OR"
}
]
}
],
"cveTags": [],
"descriptions": [
{
"lang": "en",
"value": "Apache CloudStack before 4.5.2 does not properly preserve VNC passwords when migrating KVM virtual machines, which allows remote attackers to gain access by connecting to the VNC server."
},
{
"lang": "es",
"value": "Apache CloudStack en versiones anteriores a 4.5.2 no conserva adecuadamente las contrase\u00f1as VNC al migrar m\u00e1quinas virtuales KVM, lo que permite a atacantes remotos obtener acceso mediante la conexi\u00f3n al servidor VNC."
}
],
"id": "CVE-2015-3252",
"lastModified": "2025-04-12T10:46:40.837",
"metrics": {
"cvssMetricV2": [
{
"acInsufInfo": false,
"baseSeverity": "MEDIUM",
"cvssData": {
"accessComplexity": "MEDIUM",
"accessVector": "NETWORK",
"authentication": "SINGLE",
"availabilityImpact": "PARTIAL",
"baseScore": 6.0,
"confidentialityImpact": "PARTIAL",
"integrityImpact": "PARTIAL",
"vectorString": "AV:N/AC:M/Au:S/C:P/I:P/A:P",
"version": "2.0"
},
"exploitabilityScore": 6.8,
"impactScore": 6.4,
"obtainAllPrivilege": false,
"obtainOtherPrivilege": false,
"obtainUserPrivilege": false,
"source": "nvd@nist.gov",
"type": "Primary"
}
],
"cvssMetricV30": [
{
"cvssData": {
"attackComplexity": "LOW",
"attackVector": "NETWORK",
"availabilityImpact": "HIGH",
"baseScore": 9.8,
"baseSeverity": "CRITICAL",
"confidentialityImpact": "HIGH",
"integrityImpact": "HIGH",
"privilegesRequired": "NONE",
"scope": "UNCHANGED",
"userInteraction": "NONE",
"vectorString": "CVSS:3.0/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H",
"version": "3.0"
},
"exploitabilityScore": 3.9,
"impactScore": 5.9,
"source": "nvd@nist.gov",
"type": "Primary"
}
]
},
"published": "2016-02-08T19:59:02.610",
"references": [
{
"source": "secalert@redhat.com",
"tags": [
"Vendor Advisory"
],
"url": "http://mail-archives.apache.org/mod_mbox/cloudstack-users/201602.mbox/%3C7508580E-3D83-49FD-BE6E-B329B0503130%40gmail.com%3E"
},
{
"source": "secalert@redhat.com",
"url": "http://www.securityfocus.com/archive/1/537459/100/0/threaded"
},
{
"source": "secalert@redhat.com",
"tags": [
"Vendor Advisory"
],
"url": "https://blogs.apache.org/cloudstack/entry/two_late_announced_security_advisories"
},
{
"source": "af854a3a-2127-422b-91ae-364da2661108",
"tags": [
"Vendor Advisory"
],
"url": "http://mail-archives.apache.org/mod_mbox/cloudstack-users/201602.mbox/%3C7508580E-3D83-49FD-BE6E-B329B0503130%40gmail.com%3E"
},
{
"source": "af854a3a-2127-422b-91ae-364da2661108",
"url": "http://www.securityfocus.com/archive/1/537459/100/0/threaded"
},
{
"source": "af854a3a-2127-422b-91ae-364da2661108",
"tags": [
"Vendor Advisory"
],
"url": "https://blogs.apache.org/cloudstack/entry/two_late_announced_security_advisories"
}
],
"sourceIdentifier": "secalert@redhat.com",
"vulnStatus": "Deferred",
"weaknesses": [
{
"description": [
{
"lang": "en",
"value": "CWE-255"
}
],
"source": "nvd@nist.gov",
"type": "Primary"
}
]
}
Vulnerability from fkie_nvd
Published
2024-04-04 08:15
Modified
2025-09-02 21:14
Severity ?
Summary
The CloudStack management server and secondary storage VM could be tricked into making requests to restricted or random resources by means of following 301 HTTP redirects presented by external servers when downloading templates or ISOs. Users are recommended to upgrade to version 4.18.1.1 or 4.19.0.1, which fixes this issue.
References
| ▼ | URL | Tags | |
|---|---|---|---|
| security@apache.org | https://lists.apache.org/thread/82f46pv7mvh95ybto5hn8wlo6g8jhjvp | Mailing List, Vendor Advisory | |
| af854a3a-2127-422b-91ae-364da2661108 | https://lists.apache.org/thread/82f46pv7mvh95ybto5hn8wlo6g8jhjvp | Mailing List, Vendor Advisory |
Impacted products
| Vendor | Product | Version | |
|---|---|---|---|
| apache | cloudstack | * | |
| apache | cloudstack | 4.19.0.0 |
{
"configurations": [
{
"nodes": [
{
"cpeMatch": [
{
"criteria": "cpe:2.3:a:apache:cloudstack:*:*:*:*:*:*:*:*",
"matchCriteriaId": "B2EE4F78-B6F4-43CB-979E-BFFFFA139AD5",
"versionEndExcluding": "4.18.1.1",
"versionStartIncluding": "4.9.1.0",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:apache:cloudstack:4.19.0.0:*:*:*:*:*:*:*",
"matchCriteriaId": "51E212EC-AC62-4533-B3B2-A660807F0C1F",
"vulnerable": true
}
],
"negate": false,
"operator": "OR"
}
]
}
],
"cveTags": [],
"descriptions": [
{
"lang": "en",
"value": "The CloudStack management server and secondary storage VM could be tricked into making requests to restricted or random resources by means of following 301 HTTP redirects presented by external servers when downloading templates or ISOs. Users are recommended to upgrade to version 4.18.1.1 or 4.19.0.1, which fixes this issue.\n\n"
},
{
"lang": "es",
"value": "Se podr\u00eda enga\u00f1ar al servidor de administraci\u00f3n de CloudStack y a la m\u00e1quina virtual de almacenamiento secundario para que realicen solicitudes a recursos restringidos o aleatorios mediante las siguientes redirecciones HTTP 301 presentadas por servidores externos al descargar plantillas o ISO. Se recomienda a los usuarios actualizar a la versi\u00f3n 4.18.1.1 o 4.19.0.1, que soluciona este problema."
}
],
"id": "CVE-2024-29007",
"lastModified": "2025-09-02T21:14:50.247",
"metrics": {
"cvssMetricV31": [
{
"cvssData": {
"attackComplexity": "LOW",
"attackVector": "NETWORK",
"availabilityImpact": "LOW",
"baseScore": 7.3,
"baseSeverity": "HIGH",
"confidentialityImpact": "LOW",
"integrityImpact": "LOW",
"privilegesRequired": "NONE",
"scope": "UNCHANGED",
"userInteraction": "NONE",
"vectorString": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:L/I:L/A:L",
"version": "3.1"
},
"exploitabilityScore": 3.9,
"impactScore": 3.4,
"source": "134c704f-9b21-4f2e-91b3-4a467353bcc0",
"type": "Secondary"
}
]
},
"published": "2024-04-04T08:15:06.970",
"references": [
{
"source": "security@apache.org",
"tags": [
"Mailing List",
"Vendor Advisory"
],
"url": "https://lists.apache.org/thread/82f46pv7mvh95ybto5hn8wlo6g8jhjvp"
},
{
"source": "af854a3a-2127-422b-91ae-364da2661108",
"tags": [
"Mailing List",
"Vendor Advisory"
],
"url": "https://lists.apache.org/thread/82f46pv7mvh95ybto5hn8wlo6g8jhjvp"
}
],
"sourceIdentifier": "security@apache.org",
"vulnStatus": "Analyzed",
"weaknesses": [
{
"description": [
{
"lang": "en",
"value": "CWE-918"
}
],
"source": "security@apache.org",
"type": "Secondary"
},
{
"description": [
{
"lang": "en",
"value": "CWE-918"
}
],
"source": "nvd@nist.gov",
"type": "Primary"
}
]
}
Vulnerability from fkie_nvd
Published
2024-11-12 15:15
Modified
2025-02-04 18:23
Severity ?
8.5 (High) - CVSS:3.1/AV:N/AC:H/PR:L/UI:N/S:C/C:H/I:H/A:H
9.9 (Critical) - CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:C/C:H/I:H/A:H
9.9 (Critical) - CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:C/C:H/I:H/A:H
Summary
Account users in Apache CloudStack by default are allowed to register templates to be downloaded directly to the primary storage for deploying instances. Due to missing validation checks for KVM-compatible templates in CloudStack 4.0.0 through 4.18.2.4 and 4.19.0.0 through 4.19.1.2, an attacker that can register templates, can use them to deploy malicious instances on KVM-based environments and exploit this to gain access to the host filesystems that could result in the compromise of resource integrity and confidentiality, data loss, denial of service, and availability of KVM-based infrastructure managed by CloudStack.
Users are recommended to upgrade to Apache CloudStack 4.18.2.5 or 4.19.1.3, or later, which addresses this issue.
Additionally, all user-registered KVM-compatible templates can be scanned and checked that they are flat files that should not be using any additional or unnecessary features. For example, operators can run the following command on their file-based primary storage(s) and inspect the output. An empty output for the disk being validated means it has no references to the host filesystems; on the other hand, if the output for the disk being validated is not empty, it might indicate a compromised disk. However, bear in mind that (i) volumes created from templates will have references for the templates at first and (ii) volumes can be consolidated while migrating, losing their references to the templates. Therefore, the command execution for the primary storages can show both false positives and false negatives.
for file in $(find /path/to/storage/ -type f -regex [a-f0-9\-]*.*); do echo "Retrieving file [$file] info. If the output is not empty, that might indicate a compromised disk; check it carefully."; qemu-img info -U $file | grep file: ; printf "\n\n"; done
For checking the whole template/volume features of each disk, operators can run the following command:
for file in $(find /path/to/storage/ -type f -regex [a-f0-9\-]*.*); do echo "Retrieving file [$file] info."; qemu-img info -U $file; printf "\n\n"; done
References
Impacted products
| Vendor | Product | Version | |
|---|---|---|---|
| apache | cloudstack | * | |
| apache | cloudstack | * |
{
"configurations": [
{
"nodes": [
{
"cpeMatch": [
{
"criteria": "cpe:2.3:a:apache:cloudstack:*:*:*:*:*:*:*:*",
"matchCriteriaId": "2845E705-B2F7-4443-AF76-9CE837B1A11D",
"versionEndExcluding": "4.18.2.5",
"versionStartIncluding": "4.0.0",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:apache:cloudstack:*:*:*:*:*:*:*:*",
"matchCriteriaId": "DC061C58-2D0A-4B42-8EB9-1B156D8B31E6",
"versionEndExcluding": "4.19.1.3",
"versionStartIncluding": "4.19.0.0",
"vulnerable": true
}
],
"negate": false,
"operator": "OR"
}
]
}
],
"cveTags": [],
"descriptions": [
{
"lang": "en",
"value": "Account users in Apache CloudStack by default are allowed to register templates to be downloaded directly to the primary storage for deploying instances. Due to missing validation checks for KVM-compatible templates in CloudStack 4.0.0 through 4.18.2.4 and 4.19.0.0 through 4.19.1.2, an attacker that can register templates, can use them to deploy malicious instances on KVM-based environments and exploit this to gain access to the host filesystems that could result in the compromise of resource integrity and confidentiality, data loss, denial of service, and availability of KVM-based infrastructure managed by CloudStack.\n\n\nUsers are recommended to upgrade to Apache CloudStack 4.18.2.5 or 4.19.1.3, or later, which addresses this issue. \n\nAdditionally, all user-registered KVM-compatible templates can be scanned and checked that they are flat files that should not be using any additional or unnecessary features. For example, operators can run the following command on their file-based primary storage(s) and inspect the output. An empty output for the disk being validated means it has no references to the host filesystems; on the other hand, if the output for the disk being validated is not empty, it might indicate a compromised disk. However, bear in mind that (i) volumes created from templates will have references for the templates at first and (ii) volumes can be consolidated while migrating, losing their references to the templates. Therefore, the command execution for the primary storages can show both false positives and false negatives.\n\n\nfor file in $(find /path/to/storage/ -type f -regex [a-f0-9\\-]*.*); do echo \"Retrieving file [$file] info. If the output is not empty, that might indicate a compromised disk; check it carefully.\"; qemu-img info -U $file | grep file: ; printf \"\\n\\n\"; done\nFor checking the whole template/volume features of each disk, operators can run the following command:\n\n\nfor file in $(find /path/to/storage/ -type f -regex [a-f0-9\\-]*.*); do echo \"Retrieving file [$file] info.\"; qemu-img info -U $file; printf \"\\n\\n\"; done"
},
{
"lang": "es",
"value": "De manera predeterminada, los usuarios de cuentas en Apache CloudStack pueden registrar plantillas para que se descarguen directamente al almacenamiento principal para implementar instancias. Debido a que faltan comprobaciones de validaci\u00f3n para las plantillas compatibles con KVM en CloudStack 4.0.0 a 4.18.2.4 y 4.19.0.0 a 4.19.1.2, un atacante que pueda registrar plantillas puede usarlas para implementar instancias maliciosas en entornos basados en KVM y aprovechar esto para obtener acceso a los sistemas de archivos del host, lo que podr\u00eda provocar la vulneraci\u00f3n de la integridad y la confidencialidad de los recursos, la p\u00e9rdida de datos, la denegaci\u00f3n de servicio y la disponibilidad de la infraestructura basada en KVM administrada por CloudStack. Se recomienda a los usuarios que actualicen a Apache CloudStack 4.18.2.5 o 4.19.1.3, o una versi\u00f3n posterior, que soluciona este problema. Adem\u00e1s, se pueden escanear todas las plantillas compatibles con KVM registradas por el usuario y verificar que sean archivos planos que no deber\u00edan utilizar funciones adicionales o innecesarias. Por ejemplo, los operadores pueden ejecutar el siguiente comando en sus almacenamientos primarios basados en archivos e inspeccionar la salida. Una salida vac\u00eda para el disco que se est\u00e1 validando significa que no tiene referencias a los sistemas de archivos del host; por otro lado, si la salida para el disco que se est\u00e1 validando no est\u00e1 vac\u00eda, podr\u00eda indicar un disco comprometido. Sin embargo, tenga en cuenta que (i) los vol\u00famenes creados a partir de plantillas tendr\u00e1n referencias para las plantillas al principio y (ii) los vol\u00famenes se pueden consolidar durante la migraci\u00f3n, perdiendo sus referencias a las plantillas. Por lo tanto, la ejecuci\u00f3n del comando para los almacenamientos primarios puede mostrar falsos positivos y falsos negativos. for file in $(find /path/to/storage/ -type f -regex [a-f0-9\\-]*.*); do echo \"Recuperando informaci\u00f3n del archivo [$file]. Si la salida no est\u00e1 vac\u00eda, eso podr\u00eda indicar un disco comprometido; verif\u00edquelo cuidadosamente.\"; qemu-img info -U $file | grep file: ; printf \"\\n\\n\"; hecho Para verificar todas las caracter\u00edsticas de la plantilla/volumen de cada disco, los operadores pueden ejecutar el siguiente comando: for file in $(find /path/to/storage/ -type f -regex [a-f0-9\\-]*.*); do echo \"Recuperando informaci\u00f3n del archivo [$file].\"; qemu-img info -U $file; printf \"\\n\\n\"; hecho"
}
],
"id": "CVE-2024-50386",
"lastModified": "2025-02-04T18:23:49.057",
"metrics": {
"cvssMetricV31": [
{
"cvssData": {
"attackComplexity": "HIGH",
"attackVector": "NETWORK",
"availabilityImpact": "HIGH",
"baseScore": 8.5,
"baseSeverity": "HIGH",
"confidentialityImpact": "HIGH",
"integrityImpact": "HIGH",
"privilegesRequired": "LOW",
"scope": "CHANGED",
"userInteraction": "NONE",
"vectorString": "CVSS:3.1/AV:N/AC:H/PR:L/UI:N/S:C/C:H/I:H/A:H",
"version": "3.1"
},
"exploitabilityScore": 1.8,
"impactScore": 6.0,
"source": "security@apache.org",
"type": "Secondary"
},
{
"cvssData": {
"attackComplexity": "LOW",
"attackVector": "NETWORK",
"availabilityImpact": "HIGH",
"baseScore": 9.9,
"baseSeverity": "CRITICAL",
"confidentialityImpact": "HIGH",
"integrityImpact": "HIGH",
"privilegesRequired": "LOW",
"scope": "CHANGED",
"userInteraction": "NONE",
"vectorString": "CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:C/C:H/I:H/A:H",
"version": "3.1"
},
"exploitabilityScore": 3.1,
"impactScore": 6.0,
"source": "nvd@nist.gov",
"type": "Primary"
}
]
},
"published": "2024-11-12T15:15:10.397",
"references": [
{
"source": "security@apache.org",
"tags": [
"Vendor Advisory"
],
"url": "https://cloudstack.apache.org/blog/security-release-advisory-4.18.2.5-4.19.1.3"
},
{
"source": "security@apache.org",
"tags": [
"Mailing List",
"Vendor Advisory"
],
"url": "https://lists.apache.org/thread/d0x83c2cyglzzdw8csbop7mj7h83z95y"
},
{
"source": "security@apache.org",
"tags": [
"Third Party Advisory"
],
"url": "https://www.shapeblue.com/shapeblue-security-advisory-apache-cloudstack-security-releases-4-18-2-5-and-4-19-1-3/"
},
{
"source": "af854a3a-2127-422b-91ae-364da2661108",
"tags": [
"Mailing List"
],
"url": "http://www.openwall.com/lists/oss-security/2024/11/12/3"
}
],
"sourceIdentifier": "security@apache.org",
"vulnStatus": "Analyzed",
"weaknesses": [
{
"description": [
{
"lang": "en",
"value": "CWE-20"
}
],
"source": "security@apache.org",
"type": "Secondary"
},
{
"description": [
{
"lang": "en",
"value": "NVD-CWE-noinfo"
}
],
"source": "nvd@nist.gov",
"type": "Primary"
}
]
}
Vulnerability from fkie_nvd
Published
2015-01-15 15:59
Modified
2025-04-12 10:46
Severity ?
Summary
Apache CloudStack before 4.3.2 and 4.4.x before 4.4.2 allows remote attackers to obtain private keys via a listSslCerts API call.
References
Impacted products
| Vendor | Product | Version | |
|---|---|---|---|
| apache | cloudstack | * | |
| apache | cloudstack | 4.4.0 | |
| apache | cloudstack | 4.4.1 |
{
"configurations": [
{
"nodes": [
{
"cpeMatch": [
{
"criteria": "cpe:2.3:a:apache:cloudstack:*:*:*:*:*:*:*:*",
"matchCriteriaId": "59054190-5699-4594-8FB8-8A62D084D542",
"versionEndIncluding": "4.3.1",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:apache:cloudstack:4.4.0:*:*:*:*:*:*:*",
"matchCriteriaId": "6E73603B-B9C8-4C9E-9438-666D934870A7",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:apache:cloudstack:4.4.1:*:*:*:*:*:*:*",
"matchCriteriaId": "161B0BB9-32FC-4B73-B8E9-8068C3BE9FA3",
"vulnerable": true
}
],
"negate": false,
"operator": "OR"
}
]
}
],
"cveTags": [],
"descriptions": [
{
"lang": "en",
"value": "Apache CloudStack before 4.3.2 and 4.4.x before 4.4.2 allows remote attackers to obtain private keys via a listSslCerts API call."
},
{
"lang": "es",
"value": "Apache CloudStack anterior a 4.3.2 y 4.4.x anterior a 4.4.2 permite a atacantes remotos obtener claves privados a trav\u00e9s de una llamada a la API listSslCerts."
}
],
"id": "CVE-2014-9593",
"lastModified": "2025-04-12T10:46:40.837",
"metrics": {
"cvssMetricV2": [
{
"acInsufInfo": false,
"baseSeverity": "MEDIUM",
"cvssData": {
"accessComplexity": "LOW",
"accessVector": "NETWORK",
"authentication": "NONE",
"availabilityImpact": "NONE",
"baseScore": 5.0,
"confidentialityImpact": "PARTIAL",
"integrityImpact": "NONE",
"vectorString": "AV:N/AC:L/Au:N/C:P/I:N/A:N",
"version": "2.0"
},
"exploitabilityScore": 10.0,
"impactScore": 2.9,
"obtainAllPrivilege": false,
"obtainOtherPrivilege": false,
"obtainUserPrivilege": false,
"source": "nvd@nist.gov",
"type": "Primary",
"userInteractionRequired": false
}
]
},
"published": "2015-01-15T15:59:23.357",
"references": [
{
"source": "cve@mitre.org",
"tags": [
"Vendor Advisory"
],
"url": "http://docs.cloudstack.apache.org/projects/cloudstack-release-notes/en/4.3.2/about.html"
},
{
"source": "cve@mitre.org",
"tags": [
"Vendor Advisory"
],
"url": "http://docs.cloudstack.apache.org/projects/cloudstack-release-notes/en/4.4.2/fixed_issues.html#issues-fixed-in-release"
},
{
"source": "cve@mitre.org",
"url": "http://secunia.com/advisories/62216"
},
{
"source": "cve@mitre.org",
"tags": [
"Vendor Advisory"
],
"url": "https://issues.apache.org/jira/browse/CLOUDSTACK-7952"
},
{
"source": "af854a3a-2127-422b-91ae-364da2661108",
"tags": [
"Vendor Advisory"
],
"url": "http://docs.cloudstack.apache.org/projects/cloudstack-release-notes/en/4.3.2/about.html"
},
{
"source": "af854a3a-2127-422b-91ae-364da2661108",
"tags": [
"Vendor Advisory"
],
"url": "http://docs.cloudstack.apache.org/projects/cloudstack-release-notes/en/4.4.2/fixed_issues.html#issues-fixed-in-release"
},
{
"source": "af854a3a-2127-422b-91ae-364da2661108",
"url": "http://secunia.com/advisories/62216"
},
{
"source": "af854a3a-2127-422b-91ae-364da2661108",
"tags": [
"Vendor Advisory"
],
"url": "https://issues.apache.org/jira/browse/CLOUDSTACK-7952"
}
],
"sourceIdentifier": "cve@mitre.org",
"vulnStatus": "Deferred",
"weaknesses": [
{
"description": [
{
"lang": "en",
"value": "CWE-200"
}
],
"source": "nvd@nist.gov",
"type": "Primary"
}
]
}
Vulnerability from fkie_nvd
Published
2016-02-08 19:59
Modified
2025-04-12 10:46
Severity ?
Summary
Apache CloudStack before 4.5.2 might allow remote authenticated administrators to obtain sensitive password information for root accounts of virtual machines via unspecified vectors related to API calls.
References
Impacted products
| Vendor | Product | Version | |
|---|---|---|---|
| apache | cloudstack | 4.4.4 | |
| apache | cloudstack | 4.5.1 |
{
"configurations": [
{
"nodes": [
{
"cpeMatch": [
{
"criteria": "cpe:2.3:a:apache:cloudstack:4.4.4:*:*:*:*:*:*:*",
"matchCriteriaId": "05F6E409-1C75-4119-978A-C5F9B9522302",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:apache:cloudstack:4.5.1:*:*:*:*:*:*:*",
"matchCriteriaId": "F03D7F22-2906-44E2-8BFA-9F47FC1860F0",
"vulnerable": true
}
],
"negate": false,
"operator": "OR"
}
]
}
],
"cveTags": [],
"descriptions": [
{
"lang": "en",
"value": "Apache CloudStack before 4.5.2 might allow remote authenticated administrators to obtain sensitive password information for root accounts of virtual machines via unspecified vectors related to API calls."
},
{
"lang": "es",
"value": "Apache CloudStack en versiones anteriores a 4.5.2 podr\u00eda permitir a administradores remotos autenticados obtener informaci\u00f3n de contrase\u00f1a sensible para cuentas root de m\u00e1quinas virtuales a trav\u00e9s de vectores no especificados relacionado con llamadas API."
}
],
"id": "CVE-2015-3251",
"lastModified": "2025-04-12T10:46:40.837",
"metrics": {
"cvssMetricV2": [
{
"acInsufInfo": false,
"baseSeverity": "MEDIUM",
"cvssData": {
"accessComplexity": "LOW",
"accessVector": "NETWORK",
"authentication": "SINGLE",
"availabilityImpact": "NONE",
"baseScore": 4.0,
"confidentialityImpact": "PARTIAL",
"integrityImpact": "NONE",
"vectorString": "AV:N/AC:L/Au:S/C:P/I:N/A:N",
"version": "2.0"
},
"exploitabilityScore": 8.0,
"impactScore": 2.9,
"obtainAllPrivilege": false,
"obtainOtherPrivilege": false,
"obtainUserPrivilege": false,
"source": "nvd@nist.gov",
"type": "Primary"
}
],
"cvssMetricV30": [
{
"cvssData": {
"attackComplexity": "LOW",
"attackVector": "NETWORK",
"availabilityImpact": "NONE",
"baseScore": 4.9,
"baseSeverity": "MEDIUM",
"confidentialityImpact": "HIGH",
"integrityImpact": "NONE",
"privilegesRequired": "HIGH",
"scope": "UNCHANGED",
"userInteraction": "NONE",
"vectorString": "CVSS:3.0/AV:N/AC:L/PR:H/UI:N/S:U/C:H/I:N/A:N",
"version": "3.0"
},
"exploitabilityScore": 1.2,
"impactScore": 3.6,
"source": "nvd@nist.gov",
"type": "Primary"
}
]
},
"published": "2016-02-08T19:59:01.577",
"references": [
{
"source": "secalert@redhat.com",
"tags": [
"Vendor Advisory"
],
"url": "http://mail-archives.apache.org/mod_mbox/cloudstack-users/201602.mbox/%3C94DD4CB4-F718-4F79-A934-3D677E497114%40gmail.com%3E"
},
{
"source": "secalert@redhat.com",
"url": "http://www.securityfocus.com/archive/1/537458/100/0/threaded"
},
{
"source": "secalert@redhat.com",
"tags": [
"Vendor Advisory"
],
"url": "https://blogs.apache.org/cloudstack/entry/two_late_announced_security_advisories"
},
{
"source": "af854a3a-2127-422b-91ae-364da2661108",
"tags": [
"Vendor Advisory"
],
"url": "http://mail-archives.apache.org/mod_mbox/cloudstack-users/201602.mbox/%3C94DD4CB4-F718-4F79-A934-3D677E497114%40gmail.com%3E"
},
{
"source": "af854a3a-2127-422b-91ae-364da2661108",
"url": "http://www.securityfocus.com/archive/1/537458/100/0/threaded"
},
{
"source": "af854a3a-2127-422b-91ae-364da2661108",
"tags": [
"Vendor Advisory"
],
"url": "https://blogs.apache.org/cloudstack/entry/two_late_announced_security_advisories"
}
],
"sourceIdentifier": "secalert@redhat.com",
"vulnStatus": "Deferred",
"weaknesses": [
{
"description": [
{
"lang": "en",
"value": "CWE-200"
}
],
"source": "nvd@nist.gov",
"type": "Primary"
}
]
}
Vulnerability from fkie_nvd
Published
2016-06-10 15:59
Modified
2025-04-12 10:46
Severity ?
Summary
Apache CloudStack 4.5.x before 4.5.2.1, 4.6.x before 4.6.2.1, 4.7.x before 4.7.1.1, and 4.8.x before 4.8.0.1, when SAML-based authentication is enabled and used, allow remote attackers to bypass authentication and access the user interface via vectors related to the SAML plugin.
References
Impacted products
| Vendor | Product | Version | |
|---|---|---|---|
| apache | cloudstack | 4.7.0 | |
| apache | cloudstack | 4.5.1 | |
| apache | cloudstack | 4.5.2 | |
| apache | cloudstack | 4.6.0 | |
| apache | cloudstack | 4.6.1 | |
| apache | cloudstack | 4.6.2 | |
| apache | cloudstack | 4.8 |
{
"configurations": [
{
"nodes": [
{
"cpeMatch": [
{
"criteria": "cpe:2.3:a:apache:cloudstack:4.7.0:*:*:*:*:*:*:*",
"matchCriteriaId": "3A7AE63F-5964-41B0-A8BA-6C1B37D568FA",
"vulnerable": true
}
],
"negate": false,
"operator": "OR"
}
]
},
{
"nodes": [
{
"cpeMatch": [
{
"criteria": "cpe:2.3:a:apache:cloudstack:4.5.1:*:*:*:*:*:*:*",
"matchCriteriaId": "F03D7F22-2906-44E2-8BFA-9F47FC1860F0",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:apache:cloudstack:4.5.2:*:*:*:*:*:*:*",
"matchCriteriaId": "0C46FF6A-EF32-4A62-8F92-3B91DD09A6A0",
"vulnerable": true
}
],
"negate": false,
"operator": "OR"
}
]
},
{
"nodes": [
{
"cpeMatch": [
{
"criteria": "cpe:2.3:a:apache:cloudstack:4.6.0:*:*:*:*:*:*:*",
"matchCriteriaId": "F9267358-B059-4F79-9263-52E4AC7DA15F",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:apache:cloudstack:4.6.1:*:*:*:*:*:*:*",
"matchCriteriaId": "C607535D-3F5C-4DBE-8781-DA9CEF86F147",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:apache:cloudstack:4.6.2:*:*:*:*:*:*:*",
"matchCriteriaId": "8CC8DF1C-0C43-4216-8C09-5D1484A9F5A4",
"vulnerable": true
}
],
"negate": false,
"operator": "OR"
}
]
},
{
"nodes": [
{
"cpeMatch": [
{
"criteria": "cpe:2.3:a:apache:cloudstack:4.8:*:*:*:*:*:*:*",
"matchCriteriaId": "E1A01CFD-73DB-4E4F-9A79-4D4F6145F4E7",
"vulnerable": true
}
],
"negate": false,
"operator": "OR"
}
]
}
],
"cveTags": [],
"descriptions": [
{
"lang": "en",
"value": "Apache CloudStack 4.5.x before 4.5.2.1, 4.6.x before 4.6.2.1, 4.7.x before 4.7.1.1, and 4.8.x before 4.8.0.1, when SAML-based authentication is enabled and used, allow remote attackers to bypass authentication and access the user interface via vectors related to the SAML plugin."
},
{
"lang": "es",
"value": "Apache CloudStack 4.5.x en versiones anteriores a 4.5.2.1, 4.6.x en versiones anteriores a 4.6.2.1, 4.7.x en versiones anteriores a 4.7.1.1 y 4.8.x en versiones anteriores a 4.8.0.1, cuando la autenticaci\u00f3n SAML-based est\u00e1 activa y en uso, permiten a atacantes remotos eludir la autenticaci\u00f3n y acceder a la interfaz de usuario a trav\u00e9s de vectores relacionados con el plugin SAML."
}
],
"id": "CVE-2016-3085",
"lastModified": "2025-04-12T10:46:40.837",
"metrics": {
"cvssMetricV2": [
{
"acInsufInfo": false,
"baseSeverity": "MEDIUM",
"cvssData": {
"accessComplexity": "MEDIUM",
"accessVector": "NETWORK",
"authentication": "NONE",
"availabilityImpact": "NONE",
"baseScore": 5.8,
"confidentialityImpact": "PARTIAL",
"integrityImpact": "PARTIAL",
"vectorString": "AV:N/AC:M/Au:N/C:P/I:P/A:N",
"version": "2.0"
},
"exploitabilityScore": 8.6,
"impactScore": 4.9,
"obtainAllPrivilege": false,
"obtainOtherPrivilege": false,
"obtainUserPrivilege": false,
"source": "nvd@nist.gov",
"type": "Primary",
"userInteractionRequired": false
}
],
"cvssMetricV30": [
{
"cvssData": {
"attackComplexity": "HIGH",
"attackVector": "NETWORK",
"availabilityImpact": "NONE",
"baseScore": 6.5,
"baseSeverity": "MEDIUM",
"confidentialityImpact": "LOW",
"integrityImpact": "HIGH",
"privilegesRequired": "NONE",
"scope": "UNCHANGED",
"userInteraction": "NONE",
"vectorString": "CVSS:3.0/AV:N/AC:H/PR:N/UI:N/S:U/C:L/I:H/A:N",
"version": "3.0"
},
"exploitabilityScore": 2.2,
"impactScore": 4.2,
"source": "nvd@nist.gov",
"type": "Primary"
}
]
},
"published": "2016-06-10T15:59:02.360",
"references": [
{
"source": "secalert@redhat.com",
"url": "http://packetstormsecurity.com/files/137390/Apache-CloudStack-4.5.0-Authentication-Bypass.html"
},
{
"source": "secalert@redhat.com",
"url": "http://www.securityfocus.com/archive/1/538636/100/0/threaded"
},
{
"source": "af854a3a-2127-422b-91ae-364da2661108",
"url": "http://packetstormsecurity.com/files/137390/Apache-CloudStack-4.5.0-Authentication-Bypass.html"
},
{
"source": "af854a3a-2127-422b-91ae-364da2661108",
"url": "http://www.securityfocus.com/archive/1/538636/100/0/threaded"
}
],
"sourceIdentifier": "secalert@redhat.com",
"vulnStatus": "Deferred",
"weaknesses": [
{
"description": [
{
"lang": "en",
"value": "CWE-254"
},
{
"lang": "en",
"value": "CWE-287"
}
],
"source": "nvd@nist.gov",
"type": "Primary"
}
]
}
Vulnerability from fkie_nvd
Published
2024-10-16 08:15
Modified
2025-02-12 10:15
Severity ?
5.7 (Medium) - CVSS:3.1/AV:N/AC:L/PR:H/UI:R/S:U/C:H/I:L/A:L
6.3 (Medium) - CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:L/I:L/A:L
6.3 (Medium) - CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:L/I:L/A:L
Summary
The CloudStack Quota feature allows cloud administrators to implement a quota or usage limit system for cloud resources, and is disabled by default. In environments where the feature is enabled, due to missing access check enforcements, non-administrative CloudStack user accounts are able to access and modify quota-related configurations and data. This issue affects Apache CloudStack from 4.7.0 through 4.18.2.3; and from 4.19.0.0 through 4.19.1.1, where the Quota feature is enabled.
Users are recommended to upgrade to Apache CloudStack 4.18.2.4 or 4.19.1.2, or later, which addresses this issue. Alternatively, users that do not use the Quota feature are advised to disabled the plugin by setting the global setting "quota.enable.service" to "false".
References
Impacted products
| Vendor | Product | Version | |
|---|---|---|---|
| apache | cloudstack | * | |
| apache | cloudstack | * |
{
"configurations": [
{
"nodes": [
{
"cpeMatch": [
{
"criteria": "cpe:2.3:a:apache:cloudstack:*:*:*:*:*:*:*:*",
"matchCriteriaId": "E0AC5324-15B3-4E0F-AC67-84C754F9337C",
"versionEndExcluding": "4.18.2.4",
"versionStartIncluding": "4.7.0",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:apache:cloudstack:*:*:*:*:*:*:*:*",
"matchCriteriaId": "6B851F50-43E1-4DD1-989E-94676D12EC33",
"versionEndExcluding": "4.19.1.2",
"versionStartIncluding": "4.19.0.0",
"vulnerable": true
}
],
"negate": false,
"operator": "OR"
}
]
}
],
"cveTags": [],
"descriptions": [
{
"lang": "en",
"value": "The CloudStack Quota feature allows cloud administrators to implement a quota or usage limit system for cloud resources, and is disabled by default. In environments where the feature is enabled, due to missing access check enforcements, non-administrative CloudStack user accounts are able to access and modify quota-related configurations and data. This issue affects Apache CloudStack from 4.7.0 through 4.18.2.3; and from 4.19.0.0 through 4.19.1.1, where the Quota feature is enabled.\n\n\n\n\nUsers are recommended to upgrade to Apache CloudStack 4.18.2.4 or 4.19.1.2, or later, which addresses this issue.\u00a0Alternatively, users that do not use the Quota feature are advised to disabled the plugin by setting the global setting \"quota.enable.service\" to \"false\"."
},
{
"lang": "es",
"value": "La funci\u00f3n Cuota de CloudStack permite a los administradores de la nube implementar un sistema de cuota o l\u00edmite de uso para los recursos de la nube y est\u00e1 deshabilitada de forma predeterminada. En los entornos donde la funci\u00f3n est\u00e1 habilitada, debido a la falta de cumplimiento de las comprobaciones de acceso, las cuentas de usuario no administrativas de CloudStack pueden acceder y modificar las configuraciones y los datos relacionados con la cuota. Este problema afecta a Apache CloudStack desde la versi\u00f3n 4.7.0 hasta la 4.18.2.3 y desde la versi\u00f3n 4.19.0.0 hasta la 4.19.1.1, donde la funci\u00f3n Cuota est\u00e1 habilitada. Se recomienda a los usuarios que actualicen a Apache CloudStack 4.18.2.4 o 4.19.1.2, o posterior, que soluciona este problema. Como alternativa, se recomienda a los usuarios que no usan la funci\u00f3n Cuota que deshabiliten el complemento configurando la configuraci\u00f3n global \"quota.enable.service\" en \"false\"."
}
],
"id": "CVE-2024-45461",
"lastModified": "2025-02-12T10:15:13.277",
"metrics": {
"cvssMetricV31": [
{
"cvssData": {
"attackComplexity": "LOW",
"attackVector": "NETWORK",
"availabilityImpact": "LOW",
"baseScore": 5.7,
"baseSeverity": "MEDIUM",
"confidentialityImpact": "HIGH",
"integrityImpact": "LOW",
"privilegesRequired": "HIGH",
"scope": "UNCHANGED",
"userInteraction": "REQUIRED",
"vectorString": "CVSS:3.1/AV:N/AC:L/PR:H/UI:R/S:U/C:H/I:L/A:L",
"version": "3.1"
},
"exploitabilityScore": 0.9,
"impactScore": 4.7,
"source": "security@apache.org",
"type": "Secondary"
},
{
"cvssData": {
"attackComplexity": "LOW",
"attackVector": "NETWORK",
"availabilityImpact": "LOW",
"baseScore": 6.3,
"baseSeverity": "MEDIUM",
"confidentialityImpact": "LOW",
"integrityImpact": "LOW",
"privilegesRequired": "LOW",
"scope": "UNCHANGED",
"userInteraction": "NONE",
"vectorString": "CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:L/I:L/A:L",
"version": "3.1"
},
"exploitabilityScore": 2.8,
"impactScore": 3.4,
"source": "nvd@nist.gov",
"type": "Primary"
}
]
},
"published": "2024-10-16T08:15:05.717",
"references": [
{
"source": "security@apache.org",
"tags": [
"Vendor Advisory"
],
"url": "https://cloudstack.apache.org/blog/security-release-advisory-4.18.2.4-4.19.1.2"
},
{
"source": "security@apache.org",
"tags": [
"Vendor Advisory"
],
"url": "https://cloudstack.apache.org/blog/security-release-advisory-4.18.2.4-4.19.1.2"
},
{
"source": "security@apache.org",
"tags": [
"Vendor Advisory"
],
"url": "https://cloudstack.apache.org/blog/security-release-advisory-4.18.2.4-4.19.1.2"
},
{
"source": "security@apache.org",
"tags": [
"Vendor Advisory"
],
"url": "https://cloudstack.apache.org/blog/security-release-advisory-4.18.2.4-4.19.1.2"
},
{
"source": "security@apache.org",
"tags": [
"Vendor Advisory"
],
"url": "https://lists.apache.org/thread/ktsfjcnj22x4kg49ctock3d9tq7jnvlo"
},
{
"source": "security@apache.org",
"url": "https://www.shapeblue.com/shapeblue-security-advisory-apache-cloudstack-security-releases-4-18-2-4-and-4-19-1-2/"
},
{
"source": "af854a3a-2127-422b-91ae-364da2661108",
"url": "http://www.openwall.com/lists/oss-security/2024/10/15/3"
}
],
"sourceIdentifier": "security@apache.org",
"vulnStatus": "Modified",
"weaknesses": [
{
"description": [
{
"lang": "en",
"value": "CWE-862"
}
],
"source": "security@apache.org",
"type": "Primary"
},
{
"description": [
{
"lang": "en",
"value": "CWE-862"
}
],
"source": "nvd@nist.gov",
"type": "Secondary"
}
]
}
Vulnerability from fkie_nvd
Published
2024-07-05 14:15
Modified
2025-03-19 15:15
Severity ?
9.8 (Critical) - CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H
9.8 (Critical) - CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H
9.8 (Critical) - CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H
Summary
The CloudStack integration API service allows running its unauthenticated API server (usually on port 8096 when configured and enabled via integration.api.port global setting) for internal portal integrations and for testing purposes. By default, the integration API service port is disabled and is considered disabled when integration.api.port is set to 0 or negative. Due to an improper initialisation logic, the integration API service would listen on a random port when its port value is set to 0 (default value). An attacker that can access the CloudStack management network could scan and find the randomised integration API service port and exploit it to perform unauthorised administrative actions and perform remote code execution on CloudStack managed hosts and result in complete compromise of the confidentiality, integrity, and availability of CloudStack managed infrastructure.
Users are recommended to restrict the network access on the CloudStack management server hosts to only essential ports. Users are recommended to upgrade to version 4.18.2.1, 4.19.0.2 or later, which addresses this issue.
References
Impacted products
| Vendor | Product | Version | |
|---|---|---|---|
| apache | cloudstack | * | |
| apache | cloudstack | * |
{
"configurations": [
{
"nodes": [
{
"cpeMatch": [
{
"criteria": "cpe:2.3:a:apache:cloudstack:*:*:*:*:*:*:*:*",
"matchCriteriaId": "3838B737-9231-4333-9777-8B49CBACC754",
"versionEndExcluding": "4.18.2.1",
"versionStartIncluding": "4.0.0",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:apache:cloudstack:*:*:*:*:*:*:*:*",
"matchCriteriaId": "1155DE75-1275-454F-9461-6DF70C73D1E2",
"versionEndExcluding": "4.19.0.2",
"versionStartIncluding": "4.19.0.0",
"vulnerable": true
}
],
"negate": false,
"operator": "OR"
}
]
}
],
"cveTags": [],
"descriptions": [
{
"lang": "en",
"value": "The CloudStack integration API service allows running its unauthenticated API server (usually on port 8096 when configured and enabled via integration.api.port global setting) for internal portal integrations and for testing purposes. By default, the integration API service port is disabled and is considered disabled when integration.api.port is set to 0 or negative. Due to an improper initialisation logic, the integration API service would listen on a random port when its port value is set to 0 (default value).\u00a0An attacker that can access the CloudStack management network could scan and find the randomised integration API service port and exploit it to perform unauthorised administrative actions and perform remote code execution on CloudStack managed hosts and result in complete\u00a0compromise of the confidentiality, integrity, and availability of CloudStack managed infrastructure.\n\nUsers are recommended to restrict the network access on the CloudStack management server hosts to only essential ports. Users are recommended to upgrade to version 4.18.2.1, 4.19.0.2 or later, which addresses this issue."
},
{
"lang": "es",
"value": "El servicio API de integraci\u00f3n de CloudStack permite ejecutar su servidor API no autenticado (generalmente en el puerto 8096 cuando se configura y habilita a trav\u00e9s de la configuraci\u00f3n global Integration.api.port) para integraciones de portales internos y con fines de prueba. De forma predeterminada, el puerto del servicio API de integraci\u00f3n est\u00e1 deshabilitado y se considera deshabilitado cuando Integration.api.port se establece en 0 o negativo. Debido a una l\u00f3gica de inicializaci\u00f3n incorrecta, el servicio API de integraci\u00f3n escuchar\u00eda en un puerto aleatorio cuando su valor de puerto se establece en 0 (valor predeterminado). Un atacante que pueda acceder a la red de administraci\u00f3n de CloudStack podr\u00eda escanear y encontrar el puerto de servicio API de integraci\u00f3n aleatoria y explotarlo para realizar acciones administrativas no autorizadas y ejecutar c\u00f3digo remoto en hosts administrados de CloudStack y comprometer completamente la confidencialidad, integridad y disponibilidad de Infraestructura gestionada por CloudStack. Se recomienda a los usuarios restringir el acceso a la red en los hosts del servidor de administraci\u00f3n de CloudStack solo a los puertos esenciales. Se recomienda a los usuarios actualizar a la versi\u00f3n 4.18.2.1, 4.19.0.2 o posterior, que soluciona este problema."
}
],
"id": "CVE-2024-39864",
"lastModified": "2025-03-19T15:15:47.880",
"metrics": {
"cvssMetricV31": [
{
"cvssData": {
"attackComplexity": "LOW",
"attackVector": "NETWORK",
"availabilityImpact": "HIGH",
"baseScore": 9.8,
"baseSeverity": "CRITICAL",
"confidentialityImpact": "HIGH",
"integrityImpact": "HIGH",
"privilegesRequired": "NONE",
"scope": "UNCHANGED",
"userInteraction": "NONE",
"vectorString": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H",
"version": "3.1"
},
"exploitabilityScore": 3.9,
"impactScore": 5.9,
"source": "nvd@nist.gov",
"type": "Primary"
},
{
"cvssData": {
"attackComplexity": "LOW",
"attackVector": "NETWORK",
"availabilityImpact": "HIGH",
"baseScore": 9.8,
"baseSeverity": "CRITICAL",
"confidentialityImpact": "HIGH",
"integrityImpact": "HIGH",
"privilegesRequired": "NONE",
"scope": "UNCHANGED",
"userInteraction": "NONE",
"vectorString": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H",
"version": "3.1"
},
"exploitabilityScore": 3.9,
"impactScore": 5.9,
"source": "134c704f-9b21-4f2e-91b3-4a467353bcc0",
"type": "Secondary"
}
]
},
"published": "2024-07-05T14:15:03.203",
"references": [
{
"source": "security@apache.org",
"tags": [
"Mailing List"
],
"url": "http://www.openwall.com/lists/oss-security/2024/07/05/1"
},
{
"source": "security@apache.org",
"tags": [
"Release Notes"
],
"url": "https://cloudstack.apache.org/blog/security-release-advisory-4.19.0.2-4.18.2.1"
},
{
"source": "security@apache.org",
"tags": [
"Mailing List"
],
"url": "https://lists.apache.org/thread/6l51r00csrct61plkyd3qg3fj99215d1"
},
{
"source": "security@apache.org",
"tags": [
"Release Notes"
],
"url": "https://www.shapeblue.com/shapeblue-security-advisory-apache-cloudstack-security-releases-4-18-2-1-and-4-19-0-2/"
},
{
"source": "af854a3a-2127-422b-91ae-364da2661108",
"tags": [
"Mailing List"
],
"url": "http://www.openwall.com/lists/oss-security/2024/07/05/1"
},
{
"source": "af854a3a-2127-422b-91ae-364da2661108",
"tags": [
"Release Notes"
],
"url": "https://cloudstack.apache.org/blog/security-release-advisory-4.19.0.2-4.18.2.1"
},
{
"source": "af854a3a-2127-422b-91ae-364da2661108",
"tags": [
"Mailing List"
],
"url": "https://lists.apache.org/thread/6l51r00csrct61plkyd3qg3fj99215d1"
},
{
"source": "af854a3a-2127-422b-91ae-364da2661108",
"tags": [
"Release Notes"
],
"url": "https://www.shapeblue.com/shapeblue-security-advisory-apache-cloudstack-security-releases-4-18-2-1-and-4-19-0-2/"
}
],
"sourceIdentifier": "security@apache.org",
"vulnStatus": "Modified",
"weaknesses": [
{
"description": [
{
"lang": "en",
"value": "CWE-94"
},
{
"lang": "en",
"value": "CWE-665"
}
],
"source": "security@apache.org",
"type": "Primary"
}
]
}
Vulnerability from fkie_nvd
Published
2025-06-10 23:15
Modified
2025-07-01 20:13
Severity ?
Summary
A privilege escalation vulnerability exists in Apache CloudStack versions 4.10.0.0 through 4.20.0.0 where a malicious Domain Admin user in the ROOT domain can reset the password of user-accounts of Admin role type. This operation is not appropriately restricted and allows the attacker to assume control over higher-privileged user-accounts. A malicious Domain Admin attacker can impersonate an Admin user-account and gain access to sensitive APIs and resources that could result in the compromise of resource integrity and confidentiality, data loss, denial of service, and availability of infrastructure managed by CloudStack.
Users are recommended to upgrade to Apache CloudStack 4.19.3.0 or 4.20.1.0, which fixes the issue with the following:
* Strict validation on Role Type hierarchy: the caller's user-account role must be equal to or higher than the target user-account's role.
* API privilege comparison: the caller must possess all privileges of the user they are operating on.
* Two new domain-level settings (restricted to the default Admin):
- role.types.allowed.for.operations.on.accounts.of.same.role.type: Defines which role types are allowed to act on users of the same role type. Default: "Admin, DomainAdmin, ResourceAdmin".
- allow.operations.on.users.in.same.account: Allows/disallows user operations within the same account. Default: true.
References
Impacted products
| Vendor | Product | Version | |
|---|---|---|---|
| apache | cloudstack | * | |
| apache | cloudstack | * |
{
"configurations": [
{
"nodes": [
{
"cpeMatch": [
{
"criteria": "cpe:2.3:a:apache:cloudstack:*:*:*:*:*:*:*:*",
"matchCriteriaId": "F76F9027-3B50-4AEA-8E3D-E0C8A4E256A8",
"versionEndExcluding": "4.19.3.0",
"versionStartIncluding": "4.10.0.0",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:apache:cloudstack:*:*:*:*:*:*:*:*",
"matchCriteriaId": "67E1FECD-94E6-4B2A-A52D-47D7FC8C9B10",
"versionEndExcluding": "4.20.1.0",
"versionStartIncluding": "4.20.0.0",
"vulnerable": true
}
],
"negate": false,
"operator": "OR"
}
]
}
],
"cveTags": [],
"descriptions": [
{
"lang": "en",
"value": "A privilege escalation vulnerability exists in Apache CloudStack versions 4.10.0.0 through 4.20.0.0 where a malicious Domain Admin user in the ROOT domain can reset the password of user-accounts of Admin role type. This operation is not appropriately restricted and allows the attacker to assume control over higher-privileged user-accounts.\u00a0A malicious Domain Admin attacker can impersonate an Admin user-account and gain access to sensitive APIs and resources that\u00a0could result in the compromise of resource integrity and confidentiality, data loss, denial of service, and availability of infrastructure managed by CloudStack.\n\n\n\nUsers are recommended to upgrade to Apache CloudStack 4.19.3.0 or 4.20.1.0, which fixes the issue with the following:\n * Strict validation on Role Type hierarchy: the caller\u0027s user-account role must be equal to or higher than the target user-account\u0027s role.\n * API privilege comparison: the caller must possess all privileges of the user they are operating on. \n * Two new domain-level settings (restricted to the default Admin): \n\u2003- role.types.allowed.for.operations.on.accounts.of.same.role.type: Defines which role types are allowed to act on users of the same role type. Default: \"Admin, DomainAdmin, ResourceAdmin\". \n\u00a0 \u00a0- allow.operations.on.users.in.same.account: Allows/disallows user operations within the same account. Default: true."
},
{
"lang": "es",
"value": "Existe una vulnerabilidad de escalada de privilegios en Apache CloudStack, versiones 4.10.0.0 a 4.20.0.0, donde un usuario administrador de dominio malintencionado en el dominio ROOT puede restablecer la contrase\u00f1a de las cuentas de usuario con el rol de administrador. Esta operaci\u00f3n no est\u00e1 restringida adecuadamente y permite al atacante asumir el control de cuentas de usuario con privilegios m\u00e1s altos. Un atacante malintencionado de dominio puede suplantar una cuenta de usuario administrador y obtener acceso a API y recursos confidenciales, lo que podr\u00eda comprometer la integridad y confidencialidad de los recursos, la p\u00e9rdida de datos, la denegaci\u00f3n de servicio y la disponibilidad de la infraestructura administrada por CloudStack. Se recomienda a los usuarios actualizar a Apache CloudStack 4.19.3.0 o 4.20.1.0, que soluciona el problema con lo siguiente: * Validaci\u00f3n estricta en la jerarqu\u00eda de tipos de rol: el rol de la cuenta de usuario del llamante debe ser igual o superior al rol de la cuenta de usuario de destino. * Comparaci\u00f3n de privilegios de API: el usuario que realiza la llamada debe tener todos los privilegios del usuario con el que opera. * Dos nuevas configuraciones a nivel de dominio (restringidas al administrador predeterminado): - role.types.allowed.for.operations.on.accounts.of.same.role.type: Define qu\u00e9 tipos de rol pueden actuar sobre usuarios del mismo tipo. Predeterminado: \"Admin, DomainAdmin, ResourceAdmin\". - allow.operations.on.users.in.same.account: Permite o impide las operaciones de usuario dentro de la misma cuenta. Predeterminado: true."
}
],
"id": "CVE-2025-47713",
"lastModified": "2025-07-01T20:13:19.260",
"metrics": {
"cvssMetricV31": [
{
"cvssData": {
"attackComplexity": "LOW",
"attackVector": "NETWORK",
"availabilityImpact": "HIGH",
"baseScore": 8.8,
"baseSeverity": "HIGH",
"confidentialityImpact": "HIGH",
"integrityImpact": "HIGH",
"privilegesRequired": "LOW",
"scope": "UNCHANGED",
"userInteraction": "NONE",
"vectorString": "CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H",
"version": "3.1"
},
"exploitabilityScore": 2.8,
"impactScore": 5.9,
"source": "134c704f-9b21-4f2e-91b3-4a467353bcc0",
"type": "Secondary"
}
]
},
"published": "2025-06-10T23:15:58.320",
"references": [
{
"source": "security@apache.org",
"tags": [
"Vendor Advisory"
],
"url": "https://cloudstack.apache.org/blog/cve-advisories-4.19.3.0-4.20.1.0/"
},
{
"source": "security@apache.org",
"tags": [
"Mailing List",
"Vendor Advisory"
],
"url": "https://lists.apache.org/thread/y3qnwn59t8qggtdohv7k7vw39bgb3d60"
},
{
"source": "security@apache.org",
"tags": [
"Broken Link"
],
"url": "https://www.shapeblue.com/shapeblue-security-advisory-apache-cloudstack-security-releases-4-19-3-0-and-4-20-1-0/"
}
],
"sourceIdentifier": "security@apache.org",
"vulnStatus": "Analyzed",
"weaknesses": [
{
"description": [
{
"lang": "en",
"value": "CWE-269"
}
],
"source": "security@apache.org",
"type": "Secondary"
}
]
}
Vulnerability from fkie_nvd
Published
2022-03-15 16:15
Modified
2024-11-21 06:54
Severity ?
Summary
Apache CloudStack prior to 4.16.1.0 used insecure random number generation for project invitation tokens. If a project invite is created based only on an email address, a random token is generated. An attacker with knowledge of the project ID and the fact that the invite is sent, could generate time deterministic tokens and brute force attempt to use them prior to the legitimate receiver accepting the invite. This feature is not enabled by default, the attacker is required to know or guess the project ID for the invite in addition to the invitation token, and the attacker would need to be an existing authorized user of CloudStack.
References
| ▼ | URL | Tags | |
|---|---|---|---|
| security@apache.org | http://www.openwall.com/lists/oss-security/2022/03/15/1 | Mailing List, Third Party Advisory | |
| security@apache.org | https://github.com/JLLeitschuh/security-research/security/advisories/GHSA-vpcc-9rh2-8jfp | Exploit, Patch, Third Party Advisory | |
| security@apache.org | https://lists.apache.org/thread/dmm07b1cyosovqr12ddhkko501p11h2h | Mailing List, Vendor Advisory | |
| af854a3a-2127-422b-91ae-364da2661108 | http://www.openwall.com/lists/oss-security/2022/03/15/1 | Mailing List, Third Party Advisory | |
| af854a3a-2127-422b-91ae-364da2661108 | https://github.com/JLLeitschuh/security-research/security/advisories/GHSA-vpcc-9rh2-8jfp | Exploit, Patch, Third Party Advisory | |
| af854a3a-2127-422b-91ae-364da2661108 | https://lists.apache.org/thread/dmm07b1cyosovqr12ddhkko501p11h2h | Mailing List, Vendor Advisory |
Impacted products
| Vendor | Product | Version | |
|---|---|---|---|
| apache | cloudstack | * |
{
"configurations": [
{
"nodes": [
{
"cpeMatch": [
{
"criteria": "cpe:2.3:a:apache:cloudstack:*:*:*:*:*:*:*:*",
"matchCriteriaId": "A2FA5F54-22BD-4CF9-9678-CB0A022749C8",
"versionEndExcluding": "4.16.1.0",
"vulnerable": true
}
],
"negate": false,
"operator": "OR"
}
]
}
],
"cveTags": [],
"descriptions": [
{
"lang": "en",
"value": "Apache CloudStack prior to 4.16.1.0 used insecure random number generation for project invitation tokens. If a project invite is created based only on an email address, a random token is generated. An attacker with knowledge of the project ID and the fact that the invite is sent, could generate time deterministic tokens and brute force attempt to use them prior to the legitimate receiver accepting the invite. This feature is not enabled by default, the attacker is required to know or guess the project ID for the invite in addition to the invitation token, and the attacker would need to be an existing authorized user of CloudStack."
},
{
"lang": "es",
"value": "Apache CloudStack versiones anteriores a 4.16.1.0, usaba una generaci\u00f3n no segura de n\u00fameros aleatorios para los tokens de invitaci\u00f3n a proyectos. Si se crea una invitaci\u00f3n a un proyecto bas\u00e1ndose \u00fanicamente en una direcci\u00f3n de correo electr\u00f3nico, es generado un token aleatorio. Un atacante con conocimiento del ID del proyecto y el hecho de que la invitaci\u00f3n es enviada, podr\u00eda generar tokens deterministas en el tiempo e intentar por fuerza bruta usarlos antes de que el receptor leg\u00edtimo acepte la invitaci\u00f3n. Esta funci\u00f3n no est\u00e1 habilitada por defecto, el atacante debe conocer o adivinar el ID del proyecto para la invitaci\u00f3n, adem\u00e1s del token de invitaci\u00f3n, y el atacante tendr\u00eda que ser un usuario autorizado existente de CloudStack"
}
],
"id": "CVE-2022-26779",
"lastModified": "2024-11-21T06:54:29.420",
"metrics": {
"cvssMetricV2": [
{
"acInsufInfo": false,
"baseSeverity": "MEDIUM",
"cvssData": {
"accessComplexity": "HIGH",
"accessVector": "NETWORK",
"authentication": "SINGLE",
"availabilityImpact": "PARTIAL",
"baseScore": 4.6,
"confidentialityImpact": "PARTIAL",
"integrityImpact": "PARTIAL",
"vectorString": "AV:N/AC:H/Au:S/C:P/I:P/A:P",
"version": "2.0"
},
"exploitabilityScore": 3.9,
"impactScore": 6.4,
"obtainAllPrivilege": false,
"obtainOtherPrivilege": false,
"obtainUserPrivilege": false,
"source": "nvd@nist.gov",
"type": "Primary",
"userInteractionRequired": false
}
],
"cvssMetricV31": [
{
"cvssData": {
"attackComplexity": "HIGH",
"attackVector": "NETWORK",
"availabilityImpact": "HIGH",
"baseScore": 7.5,
"baseSeverity": "HIGH",
"confidentialityImpact": "HIGH",
"integrityImpact": "HIGH",
"privilegesRequired": "LOW",
"scope": "UNCHANGED",
"userInteraction": "NONE",
"vectorString": "CVSS:3.1/AV:N/AC:H/PR:L/UI:N/S:U/C:H/I:H/A:H",
"version": "3.1"
},
"exploitabilityScore": 1.6,
"impactScore": 5.9,
"source": "nvd@nist.gov",
"type": "Primary"
}
]
},
"published": "2022-03-15T16:15:09.563",
"references": [
{
"source": "security@apache.org",
"tags": [
"Mailing List",
"Third Party Advisory"
],
"url": "http://www.openwall.com/lists/oss-security/2022/03/15/1"
},
{
"source": "security@apache.org",
"tags": [
"Exploit",
"Patch",
"Third Party Advisory"
],
"url": "https://github.com/JLLeitschuh/security-research/security/advisories/GHSA-vpcc-9rh2-8jfp"
},
{
"source": "security@apache.org",
"tags": [
"Mailing List",
"Vendor Advisory"
],
"url": "https://lists.apache.org/thread/dmm07b1cyosovqr12ddhkko501p11h2h"
},
{
"source": "af854a3a-2127-422b-91ae-364da2661108",
"tags": [
"Mailing List",
"Third Party Advisory"
],
"url": "http://www.openwall.com/lists/oss-security/2022/03/15/1"
},
{
"source": "af854a3a-2127-422b-91ae-364da2661108",
"tags": [
"Exploit",
"Patch",
"Third Party Advisory"
],
"url": "https://github.com/JLLeitschuh/security-research/security/advisories/GHSA-vpcc-9rh2-8jfp"
},
{
"source": "af854a3a-2127-422b-91ae-364da2661108",
"tags": [
"Mailing List",
"Vendor Advisory"
],
"url": "https://lists.apache.org/thread/dmm07b1cyosovqr12ddhkko501p11h2h"
}
],
"sourceIdentifier": "security@apache.org",
"vulnStatus": "Modified",
"weaknesses": [
{
"description": [
{
"lang": "en",
"value": "CWE-338"
}
],
"source": "nvd@nist.gov",
"type": "Primary"
}
]
}
Vulnerability from fkie_nvd
Published
2022-07-18 15:15
Modified
2024-11-21 07:11
Severity ?
Summary
Apache CloudStack version 4.5.0 and later has a SAML 2.0 authentication Service Provider plugin which is found to be vulnerable to XML external entity (XXE) injection. This plugin is not enabled by default and the attacker would require that this plugin be enabled to exploit the vulnerability. When the SAML 2.0 plugin is enabled in affected versions of Apache CloudStack could potentially allow the exploitation of XXE vulnerabilities. The SAML 2.0 messages constructed during the authentication flow in Apache CloudStack are XML-based and the XML data is parsed by various standard libraries that are now understood to be vulnerable to XXE injection attacks such as arbitrary file reading, possible denial of service, server-side request forgery (SSRF) on the CloudStack management server.
References
| ▼ | URL | Tags | |
|---|---|---|---|
| security@apache.org | http://www.openwall.com/lists/oss-security/2022/07/18/2 | Mailing List, Mitigation, Third Party Advisory | |
| security@apache.org | http://www.openwall.com/lists/oss-security/2022/07/20/1 | Mailing List, Mitigation, Third Party Advisory | |
| security@apache.org | https://lists.apache.org/thread/hwhxvtwp1d5dsm156bsf1cnyvtmrfv3f | Issue Tracking, Mailing List, Mitigation, Patch, Vendor Advisory | |
| af854a3a-2127-422b-91ae-364da2661108 | http://www.openwall.com/lists/oss-security/2022/07/18/2 | Mailing List, Mitigation, Third Party Advisory | |
| af854a3a-2127-422b-91ae-364da2661108 | http://www.openwall.com/lists/oss-security/2022/07/20/1 | Mailing List, Mitigation, Third Party Advisory | |
| af854a3a-2127-422b-91ae-364da2661108 | https://lists.apache.org/thread/hwhxvtwp1d5dsm156bsf1cnyvtmrfv3f | Issue Tracking, Mailing List, Mitigation, Patch, Vendor Advisory |
Impacted products
| Vendor | Product | Version | |
|---|---|---|---|
| apache | cloudstack | * | |
| apache | cloudstack | 4.17.0.0 |
{
"configurations": [
{
"nodes": [
{
"cpeMatch": [
{
"criteria": "cpe:2.3:a:apache:cloudstack:*:*:*:*:*:*:*:*",
"matchCriteriaId": "CF22EB78-D382-40AF-ABF4-8747790EB168",
"versionEndExcluding": "4.16.1.1",
"versionStartIncluding": "4.5.0",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:apache:cloudstack:4.17.0.0:*:*:*:*:*:*:*",
"matchCriteriaId": "D14096B0-3C8C-4418-BB45-4F80E49338B2",
"vulnerable": true
}
],
"negate": false,
"operator": "OR"
}
]
}
],
"cveTags": [],
"descriptions": [
{
"lang": "en",
"value": "Apache CloudStack version 4.5.0 and later has a SAML 2.0 authentication Service Provider plugin which is found to be vulnerable to XML external entity (XXE) injection. This plugin is not enabled by default and the attacker would require that this plugin be enabled to exploit the vulnerability. When the SAML 2.0 plugin is enabled in affected versions of Apache CloudStack could potentially allow the exploitation of XXE vulnerabilities. The SAML 2.0 messages constructed during the authentication flow in Apache CloudStack are XML-based and the XML data is parsed by various standard libraries that are now understood to be vulnerable to XXE injection attacks such as arbitrary file reading, possible denial of service, server-side request forgery (SSRF) on the CloudStack management server."
},
{
"lang": "es",
"value": "Apache CloudStack versiones 4.5.0 y posteriores, presentan un plugin de proveedor de servicios de autenticaci\u00f3n SAML versi\u00f3n 2.0 que es encontrado vulnerable a una inyecci\u00f3n de entidad externa XML (XXE). Este plugin no est\u00e1 habilitado por defecto y el atacante necesitar\u00eda que este plugin estuviera habilitado para explotar la vulnerabilidad. Cuando el plugin SAML versi\u00f3n 2.0 est\u00e1 habilitado en las versiones afectadas de Apache CloudStack podr\u00eda permitir potencialmente una explotaci\u00f3n de las vulnerabilidades de tipo XXE. Los mensajes SAML versi\u00f3n 2.0 construidos durante el flujo de autenticaci\u00f3n en Apache CloudStack est\u00e1n basados en XML y los datos XML son analizados por varias bibliotecas est\u00e1ndar que ahora es entendido que son vulnerables a ataques de inyecci\u00f3n XXE como una lectura arbitraria de archivos, una posible denegaci\u00f3n de servicio, un ataque de tipo server-side request forgery (SSRF) en el servidor de administraci\u00f3n de CloudStack"
}
],
"id": "CVE-2022-35741",
"lastModified": "2024-11-21T07:11:34.990",
"metrics": {
"cvssMetricV31": [
{
"cvssData": {
"attackComplexity": "LOW",
"attackVector": "NETWORK",
"availabilityImpact": "HIGH",
"baseScore": 9.8,
"baseSeverity": "CRITICAL",
"confidentialityImpact": "HIGH",
"integrityImpact": "HIGH",
"privilegesRequired": "NONE",
"scope": "UNCHANGED",
"userInteraction": "NONE",
"vectorString": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H",
"version": "3.1"
},
"exploitabilityScore": 3.9,
"impactScore": 5.9,
"source": "nvd@nist.gov",
"type": "Primary"
}
]
},
"published": "2022-07-18T15:15:08.837",
"references": [
{
"source": "security@apache.org",
"tags": [
"Mailing List",
"Mitigation",
"Third Party Advisory"
],
"url": "http://www.openwall.com/lists/oss-security/2022/07/18/2"
},
{
"source": "security@apache.org",
"tags": [
"Mailing List",
"Mitigation",
"Third Party Advisory"
],
"url": "http://www.openwall.com/lists/oss-security/2022/07/20/1"
},
{
"source": "security@apache.org",
"tags": [
"Issue Tracking",
"Mailing List",
"Mitigation",
"Patch",
"Vendor Advisory"
],
"url": "https://lists.apache.org/thread/hwhxvtwp1d5dsm156bsf1cnyvtmrfv3f"
},
{
"source": "af854a3a-2127-422b-91ae-364da2661108",
"tags": [
"Mailing List",
"Mitigation",
"Third Party Advisory"
],
"url": "http://www.openwall.com/lists/oss-security/2022/07/18/2"
},
{
"source": "af854a3a-2127-422b-91ae-364da2661108",
"tags": [
"Mailing List",
"Mitigation",
"Third Party Advisory"
],
"url": "http://www.openwall.com/lists/oss-security/2022/07/20/1"
},
{
"source": "af854a3a-2127-422b-91ae-364da2661108",
"tags": [
"Issue Tracking",
"Mailing List",
"Mitigation",
"Patch",
"Vendor Advisory"
],
"url": "https://lists.apache.org/thread/hwhxvtwp1d5dsm156bsf1cnyvtmrfv3f"
}
],
"sourceIdentifier": "security@apache.org",
"vulnStatus": "Modified",
"weaknesses": [
{
"description": [
{
"lang": "en",
"value": "CWE-611"
}
],
"source": "nvd@nist.gov",
"type": "Primary"
}
]
}
Vulnerability from fkie_nvd
Published
2024-04-04 08:15
Modified
2025-06-30 15:00
Severity ?
Summary
A problem has been identified in the CloudStack additional VM configuration (extraconfig) feature which can be misused by anyone who has privilege to deploy a VM instance or configure settings of an already deployed VM instance, to configure additional VM configuration even when the feature is not explicitly enabled by the administrator. In a KVM based CloudStack environment, an attacker can exploit this issue to attach host devices such as storage disks, and PCI and USB devices such as network adapters and GPUs, in a regular VM instance that can be further exploited to gain access to the underlying network and storage infrastructure resources, and access any VM instance disks on the local storage.
Users are advised to upgrade to version 4.18.1.1 or 4.19.0.1, which fixes this issue.
References
| ▼ | URL | Tags | |
|---|---|---|---|
| security@apache.org | https://lists.apache.org/thread/82f46pv7mvh95ybto5hn8wlo6g8jhjvp | Mailing List, Vendor Advisory | |
| af854a3a-2127-422b-91ae-364da2661108 | https://lists.apache.org/thread/82f46pv7mvh95ybto5hn8wlo6g8jhjvp | Mailing List, Vendor Advisory |
Impacted products
| Vendor | Product | Version | |
|---|---|---|---|
| apache | cloudstack | * | |
| apache | cloudstack | 4.19.0.0 |
{
"configurations": [
{
"nodes": [
{
"cpeMatch": [
{
"criteria": "cpe:2.3:a:apache:cloudstack:*:*:*:*:*:*:*:*",
"matchCriteriaId": "9368B571-30EC-4EAF-BC4E-8D8DADC7D851",
"versionEndExcluding": "4.18.1.1",
"versionStartIncluding": "4.14.0.0",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:apache:cloudstack:4.19.0.0:*:*:*:*:*:*:*",
"matchCriteriaId": "51E212EC-AC62-4533-B3B2-A660807F0C1F",
"vulnerable": true
}
],
"negate": false,
"operator": "OR"
}
]
}
],
"cveTags": [],
"descriptions": [
{
"lang": "en",
"value": "A problem has been identified in the CloudStack additional VM configuration (extraconfig) feature which can be misused by anyone who has privilege to deploy a VM instance or configure settings of an already deployed VM instance, to configure additional VM configuration even when the feature is not explicitly enabled by the administrator. In a KVM based CloudStack environment, an attacker can exploit this issue to\u00a0attach host devices such as storage disks, and PCI and USB devices such as network adapters and GPUs, in a regular VM instance that can be further exploited to gain access to the underlying network and storage infrastructure resources, and access any VM instance disks on the local storage.\n\nUsers are advised to upgrade to version 4.18.1.1 or 4.19.0.1, which fixes this issue.\n\n"
},
{
"lang": "es",
"value": "Se ha identificado un problema en la funci\u00f3n de configuraci\u00f3n adicional de VM (extraconfig) de CloudStack que puede ser utilizada indebidamente por cualquier persona que tenga privilegios para implementar una instancia de VM o configurar los ajustes de una instancia de VM ya implementada, para modificar ajustes adicionales de VM incluso cuando la funci\u00f3n no est\u00e1 habilitado expl\u00edcitamente por el administrador. En un entorno CloudStack basado en KVM, un atacante puede aprovechar este problema para conectar dispositivos host, como discos de almacenamiento, y dispositivos PCI y USB, como adaptadores de red y GPU, en una instancia de VM normal que puede explotarse a\u00fan m\u00e1s para obtener acceso a recursos de infraestructura de red y almacenamiento, y acceder a cualquier disco de instancia de VM en el almacenamiento local. Se recomienda a los usuarios que actualicen a la versi\u00f3n 4.18.1.1 o 4.19.0.1, que soluciona este problema."
}
],
"id": "CVE-2024-29008",
"lastModified": "2025-06-30T15:00:30.947",
"metrics": {
"cvssMetricV31": [
{
"cvssData": {
"attackComplexity": "LOW",
"attackVector": "NETWORK",
"availabilityImpact": "LOW",
"baseScore": 6.4,
"baseSeverity": "MEDIUM",
"confidentialityImpact": "LOW",
"integrityImpact": "NONE",
"privilegesRequired": "LOW",
"scope": "CHANGED",
"userInteraction": "NONE",
"vectorString": "CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:C/C:L/I:N/A:L",
"version": "3.1"
},
"exploitabilityScore": 3.1,
"impactScore": 2.7,
"source": "134c704f-9b21-4f2e-91b3-4a467353bcc0",
"type": "Secondary"
}
]
},
"published": "2024-04-04T08:15:07.063",
"references": [
{
"source": "security@apache.org",
"tags": [
"Mailing List",
"Vendor Advisory"
],
"url": "https://lists.apache.org/thread/82f46pv7mvh95ybto5hn8wlo6g8jhjvp"
},
{
"source": "af854a3a-2127-422b-91ae-364da2661108",
"tags": [
"Mailing List",
"Vendor Advisory"
],
"url": "https://lists.apache.org/thread/82f46pv7mvh95ybto5hn8wlo6g8jhjvp"
}
],
"sourceIdentifier": "security@apache.org",
"vulnStatus": "Analyzed",
"weaknesses": [
{
"description": [
{
"lang": "en",
"value": "CWE-20"
}
],
"source": "security@apache.org",
"type": "Secondary"
}
]
}
Vulnerability from fkie_nvd
Published
2024-07-05 14:15
Modified
2025-02-13 18:18
Severity ?
9.8 (Critical) - CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H
9.8 (Critical) - CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H
9.8 (Critical) - CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H
Summary
The CloudStack cluster service runs on unauthenticated port (default 9090) that can be misused to run arbitrary commands on targeted hypervisors and CloudStack management server hosts. Some of these commands were found to have command injection vulnerabilities that can result in arbitrary code execution via agents on the hosts that may run as a privileged user. An attacker that can reach the cluster service on the unauthenticated port (default 9090), can exploit this to perform remote code execution on CloudStack managed hosts and result in complete compromise of the confidentiality, integrity, and availability of CloudStack managed infrastructure.
Users are recommended to restrict the network access to the cluster service port (default 9090) on a CloudStack management server host to only its peer CloudStack management server hosts. Users are recommended to upgrade to version 4.18.2.1, 4.19.0.2 or later, which addresses this issue.
References
Impacted products
| Vendor | Product | Version | |
|---|---|---|---|
| apache | cloudstack | * | |
| apache | cloudstack | * |
{
"configurations": [
{
"nodes": [
{
"cpeMatch": [
{
"criteria": "cpe:2.3:a:apache:cloudstack:*:*:*:*:*:*:*:*",
"matchCriteriaId": "3838B737-9231-4333-9777-8B49CBACC754",
"versionEndExcluding": "4.18.2.1",
"versionStartIncluding": "4.0.0",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:apache:cloudstack:*:*:*:*:*:*:*:*",
"matchCriteriaId": "1155DE75-1275-454F-9461-6DF70C73D1E2",
"versionEndExcluding": "4.19.0.2",
"versionStartIncluding": "4.19.0.0",
"vulnerable": true
}
],
"negate": false,
"operator": "OR"
}
]
}
],
"cveTags": [],
"descriptions": [
{
"lang": "en",
"value": "The CloudStack cluster service runs on unauthenticated port (default 9090) that can be misused to run arbitrary commands on targeted hypervisors and CloudStack management server hosts. Some of these commands were found to have command injection vulnerabilities that can result in arbitrary code execution via agents on the hosts that may run as a privileged user.\u00a0An attacker that can reach the cluster service on the unauthenticated\u00a0port (default 9090), can exploit this to perform remote code execution on CloudStack managed hosts and result in complete\u00a0compromise of the confidentiality, integrity, and availability of CloudStack managed infrastructure.\n\nUsers are recommended to restrict the network access to the cluster service port (default 9090) on a CloudStack management server host to only its peer CloudStack management server hosts.\u00a0Users are recommended to upgrade to version 4.18.2.1, 4.19.0.2 or later, which addresses this issue."
},
{
"lang": "es",
"value": "El servicio de cl\u00faster de CloudStack se ejecuta en un puerto no autenticado (9090 predeterminado) que puede usarse indebidamente para ejecutar comandos arbitrarios en hipervisores espec\u00edficos y hosts de servidores de administraci\u00f3n de CloudStack. Se descubri\u00f3 que algunos de estos comandos ten\u00edan vulnerabilidades de inyecci\u00f3n de comandos que pueden resultar en la ejecuci\u00f3n de c\u00f3digo arbitrario a trav\u00e9s de agentes en los hosts que pueden ejecutarse como un usuario privilegiado. Un atacante que pueda acceder al servicio de cl\u00faster en el puerto no autenticado (9090 predeterminado) puede aprovechar esto para realizar la ejecuci\u00f3n remota de c\u00f3digo en hosts administrados por CloudStack y comprometer completamente la confidencialidad, integridad y disponibilidad de la infraestructura administrada por CloudStack. Se recomienda a los usuarios restringir el acceso a la red al puerto de servicio de cl\u00faster (9090 predeterminado) en un host del servidor de administraci\u00f3n de CloudStack solo a sus hosts del servidor de administraci\u00f3n de CloudStack pares. Se recomienda a los usuarios actualizar a la versi\u00f3n 4.18.2.1, 4.19.0.2 o posterior, que soluciona este problema."
}
],
"id": "CVE-2024-38346",
"lastModified": "2025-02-13T18:18:07.873",
"metrics": {
"cvssMetricV31": [
{
"cvssData": {
"attackComplexity": "LOW",
"attackVector": "NETWORK",
"availabilityImpact": "HIGH",
"baseScore": 9.8,
"baseSeverity": "CRITICAL",
"confidentialityImpact": "HIGH",
"integrityImpact": "HIGH",
"privilegesRequired": "NONE",
"scope": "UNCHANGED",
"userInteraction": "NONE",
"vectorString": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H",
"version": "3.1"
},
"exploitabilityScore": 3.9,
"impactScore": 5.9,
"source": "nvd@nist.gov",
"type": "Primary"
},
{
"cvssData": {
"attackComplexity": "LOW",
"attackVector": "NETWORK",
"availabilityImpact": "HIGH",
"baseScore": 9.8,
"baseSeverity": "CRITICAL",
"confidentialityImpact": "HIGH",
"integrityImpact": "HIGH",
"privilegesRequired": "NONE",
"scope": "UNCHANGED",
"userInteraction": "NONE",
"vectorString": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H",
"version": "3.1"
},
"exploitabilityScore": 3.9,
"impactScore": 5.9,
"source": "134c704f-9b21-4f2e-91b3-4a467353bcc0",
"type": "Secondary"
}
]
},
"published": "2024-07-05T14:15:02.867",
"references": [
{
"source": "security@apache.org",
"tags": [
"Mailing List"
],
"url": "http://www.openwall.com/lists/oss-security/2024/07/05/1"
},
{
"source": "security@apache.org",
"tags": [
"Release Notes"
],
"url": "https://cloudstack.apache.org/blog/security-release-advisory-4.19.0.2-4.18.2.1"
},
{
"source": "security@apache.org",
"tags": [
"Mailing List"
],
"url": "https://lists.apache.org/thread/6l51r00csrct61plkyd3qg3fj99215d1"
},
{
"source": "security@apache.org",
"tags": [
"Release Notes"
],
"url": "https://www.shapeblue.com/shapeblue-security-advisory-apache-cloudstack-security-releases-4-18-2-1-and-4-19-0-2/"
},
{
"source": "af854a3a-2127-422b-91ae-364da2661108",
"tags": [
"Mailing List"
],
"url": "http://www.openwall.com/lists/oss-security/2024/07/05/1"
},
{
"source": "af854a3a-2127-422b-91ae-364da2661108",
"tags": [
"Release Notes"
],
"url": "https://cloudstack.apache.org/blog/security-release-advisory-4.19.0.2-4.18.2.1"
},
{
"source": "af854a3a-2127-422b-91ae-364da2661108",
"tags": [
"Mailing List"
],
"url": "https://lists.apache.org/thread/6l51r00csrct61plkyd3qg3fj99215d1"
},
{
"source": "af854a3a-2127-422b-91ae-364da2661108",
"tags": [
"Release Notes"
],
"url": "https://www.shapeblue.com/shapeblue-security-advisory-apache-cloudstack-security-releases-4-18-2-1-and-4-19-0-2/"
}
],
"sourceIdentifier": "security@apache.org",
"vulnStatus": "Modified",
"weaknesses": [
{
"description": [
{
"lang": "en",
"value": "CWE-94"
}
],
"source": "security@apache.org",
"type": "Primary"
}
]
}
Vulnerability from fkie_nvd
Published
2012-10-26 10:39
Modified
2025-04-11 00:51
Severity ?
Summary
Citrix Cloud.com CloudStack, and Apache CloudStack pre-release, allows remote attackers to make arbitrary API calls by leveraging the system user account, as demonstrated by API calls to delete VMs.
References
Impacted products
| Vendor | Product | Version | |
|---|---|---|---|
| apache | cloudstack | - | |
| citrix | cloudstack | - |
{
"configurations": [
{
"nodes": [
{
"cpeMatch": [
{
"criteria": "cpe:2.3:a:apache:cloudstack:-:prerelease:*:*:*:*:*:*",
"matchCriteriaId": "D0BFB5A1-6A88-4B82-B63C-CB8EE8C8576A",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:citrix:cloudstack:-:*:*:*:*:*:*:*",
"matchCriteriaId": "1C7DDB14-BAAF-4194-9FD8-A4767F792268",
"vulnerable": true
}
],
"negate": false,
"operator": "OR"
}
]
}
],
"cveTags": [],
"descriptions": [
{
"lang": "en",
"value": "Citrix Cloud.com CloudStack, and Apache CloudStack pre-release, allows remote attackers to make arbitrary API calls by leveraging the system user account, as demonstrated by API calls to delete VMs."
},
{
"lang": "es",
"value": "Citrix Cloud.com CloudStack, y Apache CloudStack pre-release, permite a atacantes remotos a realizar llamadas a la API aprovechando la cuenta system, como se demostr\u00f3 mediante llamadas a la API para eliminar VMs."
}
],
"id": "CVE-2012-4501",
"lastModified": "2025-04-11T00:51:21.963",
"metrics": {
"cvssMetricV2": [
{
"acInsufInfo": false,
"baseSeverity": "HIGH",
"cvssData": {
"accessComplexity": "LOW",
"accessVector": "NETWORK",
"authentication": "NONE",
"availabilityImpact": "COMPLETE",
"baseScore": 10.0,
"confidentialityImpact": "COMPLETE",
"integrityImpact": "COMPLETE",
"vectorString": "AV:N/AC:L/Au:N/C:C/I:C/A:C",
"version": "2.0"
},
"exploitabilityScore": 10.0,
"impactScore": 10.0,
"obtainAllPrivilege": false,
"obtainOtherPrivilege": false,
"obtainUserPrivilege": false,
"source": "nvd@nist.gov",
"type": "Primary",
"userInteractionRequired": false
}
]
},
"published": "2012-10-26T10:39:16.047",
"references": [
{
"source": "secalert@redhat.com",
"url": "http://archives.neohapsis.com/archives/bugtraq/2012-10/0062.html"
},
{
"source": "secalert@redhat.com",
"tags": [
"Vendor Advisory"
],
"url": "http://cloudstack.org/blog/185-cloudstack-configuration-vulnerability-discovered.html"
},
{
"source": "secalert@redhat.com",
"url": "http://markmail.org/thread/yfuxgymdqwg3kcg4"
},
{
"source": "af854a3a-2127-422b-91ae-364da2661108",
"url": "http://archives.neohapsis.com/archives/bugtraq/2012-10/0062.html"
},
{
"source": "af854a3a-2127-422b-91ae-364da2661108",
"tags": [
"Vendor Advisory"
],
"url": "http://cloudstack.org/blog/185-cloudstack-configuration-vulnerability-discovered.html"
},
{
"source": "af854a3a-2127-422b-91ae-364da2661108",
"url": "http://markmail.org/thread/yfuxgymdqwg3kcg4"
}
],
"sourceIdentifier": "secalert@redhat.com",
"vulnStatus": "Deferred",
"weaknesses": [
{
"description": [
{
"lang": "en",
"value": "CWE-264"
}
],
"source": "nvd@nist.gov",
"type": "Primary"
}
]
}
Vulnerability from fkie_nvd
Published
2024-10-16 08:15
Modified
2025-07-01 20:28
Severity ?
Summary
Account users in Apache CloudStack by default are allowed to upload and register templates for deploying instances and volumes for attaching them as data disks to their existing instances. Due to missing validation checks for KVM-compatible templates or volumes in CloudStack 4.0.0 through 4.18.2.3 and 4.19.0.0 through 4.19.1.1, an attacker that can upload or register templates and volumes, can use them to deploy malicious instances or attach uploaded volumes to their existing instances on KVM-based environments and exploit this to gain access to the host filesystems that could result in the compromise of resource integrity and confidentiality, data loss, denial of service, and availability of KVM-based infrastructure managed by CloudStack.
Users are recommended to upgrade to Apache CloudStack 4.18.2.4 or 4.19.1.2, or later, which addresses this issue.
Additionally, all user-uploaded or registered KVM-compatible templates and volumes can be scanned and checked that they are flat files that should not be using any additional or unnecessary features. For example, operators can run this on their secondary storage(s) and inspect output. An empty output for the disk being validated means it has no references to the host filesystems; on the other hand, if the output for the disk being validated is not empty, it might indicate a compromised disk.
for file in $(find /path/to/storage/ -type f -regex [a-f0-9\-]*.*); do echo "Retrieving file [$file] info. If the output is not empty, that might indicate a compromised disk; check it carefully."; qemu-img info -U $file | grep file: ; printf "\n\n"; done
The command can also be run for the file-based primary storages; however, bear in mind that (i) volumes created from templates will have references for the templates at first and (ii) volumes can be consolidated while migrating, losing their references to the templates. Therefore, the command execution for the primary storages can show both false positives and false negatives.
For checking the whole template/volume features of each disk, operators can run the following command:
for file in $(find /path/to/storage/ -type f -regex [a-f0-9\-]*.*); do echo "Retrieving file [$file] info."; qemu-img info -U $file; printf "\n\n"; done
References
Impacted products
| Vendor | Product | Version | |
|---|---|---|---|
| apache | cloudstack | * | |
| apache | cloudstack | * |
{
"configurations": [
{
"nodes": [
{
"cpeMatch": [
{
"criteria": "cpe:2.3:a:apache:cloudstack:*:*:*:*:*:*:*:*",
"matchCriteriaId": "B6DDA155-897D-4FCE-B1C1-C3F5F70DFB89",
"versionEndExcluding": "4.18.2.4",
"versionStartIncluding": "4.0.0",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:apache:cloudstack:*:*:*:*:*:*:*:*",
"matchCriteriaId": "6B851F50-43E1-4DD1-989E-94676D12EC33",
"versionEndExcluding": "4.19.1.2",
"versionStartIncluding": "4.19.0.0",
"vulnerable": true
}
],
"negate": false,
"operator": "OR"
}
]
}
],
"cveTags": [],
"descriptions": [
{
"lang": "en",
"value": "Account users in Apache CloudStack by default are allowed to upload and register templates for deploying instances and volumes for attaching them as data disks to their existing instances. Due to missing validation checks for KVM-compatible templates or volumes in CloudStack 4.0.0 through 4.18.2.3 and 4.19.0.0 through 4.19.1.1, an attacker that can upload or register templates and volumes, can use them to deploy malicious instances or attach uploaded volumes to their existing instances on KVM-based environments and exploit this to gain access to the host filesystems that could result in the compromise of resource integrity and confidentiality, data loss, denial of service, and availability of KVM-based infrastructure managed by CloudStack.\n\n\nUsers are recommended to upgrade to Apache CloudStack 4.18.2.4 or 4.19.1.2, or later, which addresses this issue. \n\nAdditionally, all user-uploaded or registered KVM-compatible templates and volumes can be scanned and checked that they are flat files that should not be using any additional or unnecessary features. For example, operators can run this on their secondary storage(s) and inspect output. An empty output for the disk being validated means it has no references to the host filesystems; on the other hand, if the output for the disk being validated is not empty, it might indicate a compromised disk.\n\n\nfor file in $(find /path/to/storage/ -type f -regex [a-f0-9\\-]*.*); do echo \"Retrieving file [$file] info. If the output is not empty, that might indicate a compromised disk; check it carefully.\"; qemu-img info -U $file | grep file: ; printf \"\\n\\n\"; done\nThe command can also be run for the file-based primary storages; however, bear in mind that (i) volumes created from templates will have references for the templates at first and (ii) volumes can be consolidated while migrating, losing their references to the templates. Therefore, the command execution for the primary storages can show both false positives and false negatives.\n\nFor checking the whole template/volume features of each disk, operators can run the following command:\n\n\nfor file in $(find /path/to/storage/ -type f -regex [a-f0-9\\-]*.*); do echo \"Retrieving file [$file] info.\"; qemu-img info -U $file; printf \"\\n\\n\"; done"
},
{
"lang": "es",
"value": "De manera predeterminada, los usuarios de cuentas en Apache CloudStack pueden cargar y registrar plantillas para implementar instancias y vol\u00famenes para adjuntarlos como discos de datos a sus instancias existentes. Debido a que faltan comprobaciones de validaci\u00f3n para plantillas o vol\u00famenes compatibles con KVM en CloudStack 4.0.0 a 4.18.2.3 y 4.19.0.0 a 4.19.1.1, un atacante que pueda cargar o registrar plantillas y vol\u00famenes puede usarlos para implementar instancias maliciosas o adjuntar vol\u00famenes cargados a sus instancias existentes en entornos basados en KVM y aprovechar esto para obtener acceso a los sistemas de archivos del host, lo que podr\u00eda provocar la vulneraci\u00f3n de la integridad y confidencialidad de los recursos, la p\u00e9rdida de datos, la denegaci\u00f3n de servicio y la disponibilidad de la infraestructura basada en KVM administrada por CloudStack. Se recomienda a los usuarios que actualicen a Apache CloudStack 4.18.2.4 o 4.19.1.2, o una versi\u00f3n posterior, que soluciona este problema. Adem\u00e1s, todas las plantillas y vol\u00famenes compatibles con KVM cargados o registrados por el usuario se pueden escanear y verificar que sean archivos planos que no deber\u00edan usar ninguna caracter\u00edstica adicional o innecesaria. Por ejemplo, los operadores pueden ejecutar esto en sus almacenamientos secundarios e inspeccionar la salida. Una salida vac\u00eda para el disco que se est\u00e1 validando significa que no tiene referencias a los sistemas de archivos del host; por otro lado, si la salida para el disco que se est\u00e1 validando no est\u00e1 vac\u00eda, podr\u00eda indicar un disco comprometido. for file in $(find /path/to/storage/ -type f -regex [a-f0-9\\-]*.*); do echo \"Recuperando informaci\u00f3n del archivo [$file]. Si la salida no est\u00e1 vac\u00eda, eso podr\u00eda indicar un disco comprometido; verif\u00edquelo cuidadosamente.\"; qemu-img info -U $file | grep file: ; printf \"\\n\\n\"; done El comando tambi\u00e9n se puede ejecutar para los almacenamientos primarios basados en archivos; Sin embargo, tenga en cuenta que (i) los vol\u00famenes creados a partir de plantillas tendr\u00e1n referencias a las plantillas al principio y (ii) los vol\u00famenes se pueden consolidar durante la migraci\u00f3n, perdiendo sus referencias a las plantillas. Por lo tanto, la ejecuci\u00f3n del comando para los almacenamientos primarios puede mostrar tanto falsos positivos como falsos negativos. Para verificar todas las caracter\u00edsticas de plantilla/volumen de cada disco, los operadores pueden ejecutar el siguiente comando: for file in $(find /path/to/storage/ -type f -regex [a-f0-9\\-]*.*); do echo \"Recuperando informaci\u00f3n del archivo [$file].\"; qemu-img info -U $file; printf \"\\n\\n\"; done"
}
],
"id": "CVE-2024-45219",
"lastModified": "2025-07-01T20:28:53.467",
"metrics": {
"cvssMetricV31": [
{
"cvssData": {
"attackComplexity": "HIGH",
"attackVector": "NETWORK",
"availabilityImpact": "HIGH",
"baseScore": 8.5,
"baseSeverity": "HIGH",
"confidentialityImpact": "HIGH",
"integrityImpact": "HIGH",
"privilegesRequired": "LOW",
"scope": "CHANGED",
"userInteraction": "NONE",
"vectorString": "CVSS:3.1/AV:N/AC:H/PR:L/UI:N/S:C/C:H/I:H/A:H",
"version": "3.1"
},
"exploitabilityScore": 1.8,
"impactScore": 6.0,
"source": "security@apache.org",
"type": "Secondary"
}
]
},
"published": "2024-10-16T08:15:05.473",
"references": [
{
"source": "security@apache.org",
"tags": [
"Vendor Advisory"
],
"url": "https://cloudstack.apache.org/blog/security-release-advisory-4.18.2.4-4.19.1.2"
},
{
"source": "security@apache.org",
"tags": [
"Mailing List",
"Vendor Advisory"
],
"url": "https://lists.apache.org/thread/ktsfjcnj22x4kg49ctock3d9tq7jnvlo"
},
{
"source": "security@apache.org",
"tags": [
"Third Party Advisory"
],
"url": "https://www.shapeblue.com/shapeblue-security-advisory-apache-cloudstack-security-releases-4-18-2-4-and-4-19-1-2/"
},
{
"source": "af854a3a-2127-422b-91ae-364da2661108",
"tags": [
"Mailing List"
],
"url": "http://www.openwall.com/lists/oss-security/2024/10/15/2"
}
],
"sourceIdentifier": "security@apache.org",
"vulnStatus": "Analyzed",
"weaknesses": [
{
"description": [
{
"lang": "en",
"value": "CWE-20"
}
],
"source": "security@apache.org",
"type": "Secondary"
},
{
"description": [
{
"lang": "en",
"value": "CWE-116"
}
],
"source": "134c704f-9b21-4f2e-91b3-4a467353bcc0",
"type": "Secondary"
}
]
}
Vulnerability from fkie_nvd
Published
2014-01-15 16:08
Modified
2025-04-11 00:51
Severity ?
Summary
The virtual router in Apache CloudStack before 4.2.1 does not preserve the source restrictions in firewall rules after being restarted, which allows remote attackers to bypass intended restrictions via a request.
References
Impacted products
| Vendor | Product | Version | |
|---|---|---|---|
| apache | cloudstack | * | |
| apache | cloudstack | 2.0 | |
| apache | cloudstack | 2.0.1 | |
| apache | cloudstack | 2.1.0 | |
| apache | cloudstack | 2.1.1 | |
| apache | cloudstack | 2.1.2 | |
| apache | cloudstack | 2.1.3 | |
| apache | cloudstack | 2.1.4 | |
| apache | cloudstack | 2.1.5 | |
| apache | cloudstack | 2.1.6 | |
| apache | cloudstack | 2.1.7 | |
| apache | cloudstack | 2.1.8 | |
| apache | cloudstack | 2.1.9 | |
| apache | cloudstack | 2.1.10 | |
| apache | cloudstack | 2.2.0 | |
| apache | cloudstack | 2.2.1 | |
| apache | cloudstack | 2.2.2 | |
| apache | cloudstack | 2.2.3 | |
| apache | cloudstack | 2.2.5 | |
| apache | cloudstack | 2.2.6 | |
| apache | cloudstack | 2.2.7 | |
| apache | cloudstack | 2.2.8 | |
| apache | cloudstack | 2.2.9 | |
| apache | cloudstack | 2.2.11 | |
| apache | cloudstack | 2.2.12 | |
| apache | cloudstack | 2.2.13 | |
| apache | cloudstack | 2.2.14 | |
| apache | cloudstack | 3.0.0 | |
| apache | cloudstack | 3.0.1 | |
| apache | cloudstack | 3.0.2 | |
| apache | cloudstack | 4.0.0 | |
| apache | cloudstack | 4.0.1 | |
| apache | cloudstack | 4.0.2 | |
| apache | cloudstack | 4.1.0 | |
| apache | cloudstack | 4.1.1 |
{
"configurations": [
{
"nodes": [
{
"cpeMatch": [
{
"criteria": "cpe:2.3:a:apache:cloudstack:*:*:*:*:*:*:*:*",
"matchCriteriaId": "A0A27E27-29CE-482E-937B-6591394A0D52",
"versionEndIncluding": "4.2.0",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:apache:cloudstack:2.0:-:community:*:*:*:*:*",
"matchCriteriaId": "07DDD585-19E2-473A-B1A8-25BB3129D0C0",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:apache:cloudstack:2.0.1:*:*:*:*:*:*:*",
"matchCriteriaId": "7D0AA4AC-3101-4012-AA43-7583CB077C59",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:apache:cloudstack:2.1.0:*:*:*:*:*:*:*",
"matchCriteriaId": "9E4E5F52-CBCF-47AC-A94A-980EF65841CC",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:apache:cloudstack:2.1.1:*:*:*:*:*:*:*",
"matchCriteriaId": "14E0EF07-41E0-40E7-A0B4-210294118B5E",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:apache:cloudstack:2.1.2:*:*:*:*:*:*:*",
"matchCriteriaId": "D4CF7900-A67B-4779-9F04-9C35B1460D89",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:apache:cloudstack:2.1.3:*:*:*:*:*:*:*",
"matchCriteriaId": "355A13B2-73AB-4AA2-9EE7-AD588D5EE68F",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:apache:cloudstack:2.1.4:*:*:*:*:*:*:*",
"matchCriteriaId": "BC0583FF-C928-440E-894C-CB3EC2327444",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:apache:cloudstack:2.1.5:*:*:*:*:*:*:*",
"matchCriteriaId": "170F57A6-1FCE-439D-AED9-D60BCD9006EC",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:apache:cloudstack:2.1.6:*:*:*:*:*:*:*",
"matchCriteriaId": "CD2B711E-E37E-4D76-96E2-B2575B9B165E",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:apache:cloudstack:2.1.7:*:*:*:*:*:*:*",
"matchCriteriaId": "2AC25A79-5B91-4BAC-A419-B1C7F20133FC",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:apache:cloudstack:2.1.8:*:*:*:*:*:*:*",
"matchCriteriaId": "00E46243-C2DF-4448-B559-7AB4B8043CD9",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:apache:cloudstack:2.1.9:*:*:*:*:*:*:*",
"matchCriteriaId": "08F17588-845E-4C52-AB03-E939C7CCEDE0",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:apache:cloudstack:2.1.10:*:*:*:*:*:*:*",
"matchCriteriaId": "F7F77294-6AD9-4BEF-9B84-84067A8F4925",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:apache:cloudstack:2.2.0:*:*:*:*:*:*:*",
"matchCriteriaId": "3C067A21-0F97-4FB1-9D5B-65DADD589E56",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:apache:cloudstack:2.2.1:*:*:*:*:*:*:*",
"matchCriteriaId": "6B321CA2-39D8-4DC6-843F-38BE3DBAE795",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:apache:cloudstack:2.2.2:*:*:*:*:*:*:*",
"matchCriteriaId": "0601E746-2144-4AEC-A2A3-F35A67EC7AD1",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:apache:cloudstack:2.2.3:*:*:*:*:*:*:*",
"matchCriteriaId": "F738C7C1-84B7-4E16-8F1A-4ACF3FE90A12",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:apache:cloudstack:2.2.5:*:*:*:*:*:*:*",
"matchCriteriaId": "7BA7376F-6160-4DDB-B0C3-D68719519256",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:apache:cloudstack:2.2.6:*:*:*:*:*:*:*",
"matchCriteriaId": "D3FBF487-4528-4453-82D8-B10388FB6487",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:apache:cloudstack:2.2.7:*:*:*:*:*:*:*",
"matchCriteriaId": "0EFDB749-57D9-4C81-A0BC-751F97183F61",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:apache:cloudstack:2.2.8:*:*:*:*:*:*:*",
"matchCriteriaId": "7882F0F9-EF9E-48BB-B609-2D3BAC089A92",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:apache:cloudstack:2.2.9:*:*:*:*:*:*:*",
"matchCriteriaId": "E3D50D8C-1739-4A08-891B-752F5048E1B6",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:apache:cloudstack:2.2.11:*:*:*:*:*:*:*",
"matchCriteriaId": "6E4F87FA-CE60-4BBE-AB61-4CDB76DE6C65",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:apache:cloudstack:2.2.12:*:*:*:*:*:*:*",
"matchCriteriaId": "E640A1C1-4B65-4978-B4CA-A1049B5C9443",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:apache:cloudstack:2.2.13:*:*:*:*:*:*:*",
"matchCriteriaId": "4C539879-5EC9-4BA7-9FE1-B93933D77FA8",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:apache:cloudstack:2.2.14:*:*:*:*:*:*:*",
"matchCriteriaId": "836EF10E-6F1D-4E7A-B41C-34C5CD246C17",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:apache:cloudstack:3.0.0:*:*:*:*:*:*:*",
"matchCriteriaId": "C09B6538-02FB-4AC8-9F1B-AAAE7A9BE6C0",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:apache:cloudstack:3.0.1:*:*:*:*:*:*:*",
"matchCriteriaId": "518BB162-8FAD-4B73-87B0-604EA84B3DB5",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:apache:cloudstack:3.0.2:*:*:*:*:*:*:*",
"matchCriteriaId": "C68CF8F3-D31B-4CDB-91C9-0334012C7CE6",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:apache:cloudstack:4.0.0:incubating:*:*:*:*:*:*",
"matchCriteriaId": "EA46B1B9-FCD7-4F3D-88E6-95B1A5A0497C",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:apache:cloudstack:4.0.1:*:*:*:*:*:*:*",
"matchCriteriaId": "C96C7798-F716-44DA-A57F-3103E001236B",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:apache:cloudstack:4.0.2:*:*:*:*:*:*:*",
"matchCriteriaId": "737C672C-D820-41B9-88E3-97DC113D9290",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:apache:cloudstack:4.1.0:*:*:*:*:*:*:*",
"matchCriteriaId": "033EBD77-72A2-42B7-952D-95A85D8CF262",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:apache:cloudstack:4.1.1:*:*:*:*:*:*:*",
"matchCriteriaId": "1B3A13FB-6A1E-4E9C-B624-97F029188C5E",
"vulnerable": true
}
],
"negate": false,
"operator": "OR"
}
]
}
],
"cveTags": [],
"descriptions": [
{
"lang": "en",
"value": "The virtual router in Apache CloudStack before 4.2.1 does not preserve the source restrictions in firewall rules after being restarted, which allows remote attackers to bypass intended restrictions via a request."
},
{
"lang": "es",
"value": "El router virtual en Apache CloudStack anteriores a 4.2.1 no mantiene las restricciones de or\u00edgenes en reglas del firewall despu\u00e9s de ser reiniciado, lo cual permite a atacantes remotos eludir restricciones intencionadas a trav\u00e9s de una petici\u00f3n."
}
],
"id": "CVE-2013-6398",
"lastModified": "2025-04-11T00:51:21.963",
"metrics": {
"cvssMetricV2": [
{
"acInsufInfo": false,
"baseSeverity": "LOW",
"cvssData": {
"accessComplexity": "MEDIUM",
"accessVector": "NETWORK",
"authentication": "MULTIPLE",
"availabilityImpact": "NONE",
"baseScore": 2.8,
"confidentialityImpact": "PARTIAL",
"integrityImpact": "NONE",
"vectorString": "AV:N/AC:M/Au:M/C:P/I:N/A:N",
"version": "2.0"
},
"exploitabilityScore": 5.5,
"impactScore": 2.9,
"obtainAllPrivilege": false,
"obtainOtherPrivilege": false,
"obtainUserPrivilege": false,
"source": "nvd@nist.gov",
"type": "Primary",
"userInteractionRequired": false
}
]
},
"published": "2014-01-15T16:08:03.813",
"references": [
{
"source": "secalert@redhat.com",
"tags": [
"Vendor Advisory"
],
"url": "http://secunia.com/advisories/55960"
},
{
"source": "secalert@redhat.com",
"url": "http://secunia.com/advisories/60284"
},
{
"source": "secalert@redhat.com",
"url": "http://support.citrix.com/article/CTX140989"
},
{
"source": "secalert@redhat.com",
"url": "http://www.securityfocus.com/bid/69432"
},
{
"source": "secalert@redhat.com",
"url": "http://www.securitytracker.com/id/1030762"
},
{
"source": "secalert@redhat.com",
"tags": [
"Vendor Advisory"
],
"url": "https://blogs.apache.org/cloudstack/entry/cve_2013_6398_cloudstack_virtual"
},
{
"source": "secalert@redhat.com",
"url": "https://issues.apache.org/jira/browse/CLOUDSTACK-5263"
},
{
"source": "af854a3a-2127-422b-91ae-364da2661108",
"tags": [
"Vendor Advisory"
],
"url": "http://secunia.com/advisories/55960"
},
{
"source": "af854a3a-2127-422b-91ae-364da2661108",
"url": "http://secunia.com/advisories/60284"
},
{
"source": "af854a3a-2127-422b-91ae-364da2661108",
"url": "http://support.citrix.com/article/CTX140989"
},
{
"source": "af854a3a-2127-422b-91ae-364da2661108",
"url": "http://www.securityfocus.com/bid/69432"
},
{
"source": "af854a3a-2127-422b-91ae-364da2661108",
"url": "http://www.securitytracker.com/id/1030762"
},
{
"source": "af854a3a-2127-422b-91ae-364da2661108",
"tags": [
"Vendor Advisory"
],
"url": "https://blogs.apache.org/cloudstack/entry/cve_2013_6398_cloudstack_virtual"
},
{
"source": "af854a3a-2127-422b-91ae-364da2661108",
"url": "https://issues.apache.org/jira/browse/CLOUDSTACK-5263"
}
],
"sourceIdentifier": "secalert@redhat.com",
"vulnStatus": "Deferred",
"weaknesses": [
{
"description": [
{
"lang": "en",
"value": "CWE-264"
}
],
"source": "nvd@nist.gov",
"type": "Primary"
}
]
}
Vulnerability from fkie_nvd
Published
2013-08-19 23:55
Modified
2025-04-11 00:51
Severity ?
Summary
Multiple cross-site scripting (XSS) vulnerabilities in Apache CloudStack before 4.1.1 allow remote attackers to inject arbitrary web script or HTML via the (1) Physical network name to the Zone wizard; (2) New network name, (3) instance name, or (4) group to the Instance wizard; (5) unspecified "multi-edit fields;" and (6) unspecified "list view" edit fields related to global settings.
References
Impacted products
| Vendor | Product | Version | |
|---|---|---|---|
| apache | cloudstack | * | |
| apache | cloudstack | 2.0 | |
| apache | cloudstack | 2.0.1 | |
| apache | cloudstack | 2.1.0 | |
| apache | cloudstack | 2.1.1 | |
| apache | cloudstack | 2.1.2 | |
| apache | cloudstack | 2.1.3 | |
| apache | cloudstack | 2.1.4 | |
| apache | cloudstack | 2.1.5 | |
| apache | cloudstack | 2.1.6 | |
| apache | cloudstack | 2.1.7 | |
| apache | cloudstack | 2.1.8 | |
| apache | cloudstack | 2.1.9 | |
| apache | cloudstack | 2.1.10 | |
| apache | cloudstack | 2.2.0 | |
| apache | cloudstack | 2.2.1 | |
| apache | cloudstack | 2.2.2 | |
| apache | cloudstack | 2.2.3 | |
| apache | cloudstack | 2.2.5 | |
| apache | cloudstack | 2.2.6 | |
| apache | cloudstack | 2.2.7 | |
| apache | cloudstack | 2.2.8 | |
| apache | cloudstack | 2.2.9 | |
| apache | cloudstack | 2.2.11 | |
| apache | cloudstack | 2.2.12 | |
| apache | cloudstack | 2.2.13 | |
| apache | cloudstack | 2.2.14 | |
| apache | cloudstack | 3.0.0 | |
| apache | cloudstack | 3.0.1 | |
| apache | cloudstack | 3.0.2 | |
| apache | cloudstack | 4.0.0 | |
| apache | cloudstack | 4.0.1 | |
| apache | cloudstack | 4.0.2 |
{
"configurations": [
{
"nodes": [
{
"cpeMatch": [
{
"criteria": "cpe:2.3:a:apache:cloudstack:*:*:*:*:*:*:*:*",
"matchCriteriaId": "905B72D5-B6A2-4A63-80F1-F7411706B75C",
"versionEndIncluding": "4.1.0",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:apache:cloudstack:2.0:-:community:*:*:*:*:*",
"matchCriteriaId": "07DDD585-19E2-473A-B1A8-25BB3129D0C0",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:apache:cloudstack:2.0.1:*:*:*:*:*:*:*",
"matchCriteriaId": "7D0AA4AC-3101-4012-AA43-7583CB077C59",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:apache:cloudstack:2.1.0:*:*:*:*:*:*:*",
"matchCriteriaId": "9E4E5F52-CBCF-47AC-A94A-980EF65841CC",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:apache:cloudstack:2.1.1:*:*:*:*:*:*:*",
"matchCriteriaId": "14E0EF07-41E0-40E7-A0B4-210294118B5E",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:apache:cloudstack:2.1.2:*:*:*:*:*:*:*",
"matchCriteriaId": "D4CF7900-A67B-4779-9F04-9C35B1460D89",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:apache:cloudstack:2.1.3:*:*:*:*:*:*:*",
"matchCriteriaId": "355A13B2-73AB-4AA2-9EE7-AD588D5EE68F",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:apache:cloudstack:2.1.4:*:*:*:*:*:*:*",
"matchCriteriaId": "BC0583FF-C928-440E-894C-CB3EC2327444",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:apache:cloudstack:2.1.5:*:*:*:*:*:*:*",
"matchCriteriaId": "170F57A6-1FCE-439D-AED9-D60BCD9006EC",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:apache:cloudstack:2.1.6:*:*:*:*:*:*:*",
"matchCriteriaId": "CD2B711E-E37E-4D76-96E2-B2575B9B165E",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:apache:cloudstack:2.1.7:*:*:*:*:*:*:*",
"matchCriteriaId": "2AC25A79-5B91-4BAC-A419-B1C7F20133FC",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:apache:cloudstack:2.1.8:*:*:*:*:*:*:*",
"matchCriteriaId": "00E46243-C2DF-4448-B559-7AB4B8043CD9",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:apache:cloudstack:2.1.9:*:*:*:*:*:*:*",
"matchCriteriaId": "08F17588-845E-4C52-AB03-E939C7CCEDE0",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:apache:cloudstack:2.1.10:*:*:*:*:*:*:*",
"matchCriteriaId": "F7F77294-6AD9-4BEF-9B84-84067A8F4925",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:apache:cloudstack:2.2.0:*:*:*:*:*:*:*",
"matchCriteriaId": "3C067A21-0F97-4FB1-9D5B-65DADD589E56",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:apache:cloudstack:2.2.1:*:*:*:*:*:*:*",
"matchCriteriaId": "6B321CA2-39D8-4DC6-843F-38BE3DBAE795",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:apache:cloudstack:2.2.2:*:*:*:*:*:*:*",
"matchCriteriaId": "0601E746-2144-4AEC-A2A3-F35A67EC7AD1",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:apache:cloudstack:2.2.3:*:*:*:*:*:*:*",
"matchCriteriaId": "F738C7C1-84B7-4E16-8F1A-4ACF3FE90A12",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:apache:cloudstack:2.2.5:*:*:*:*:*:*:*",
"matchCriteriaId": "7BA7376F-6160-4DDB-B0C3-D68719519256",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:apache:cloudstack:2.2.6:*:*:*:*:*:*:*",
"matchCriteriaId": "D3FBF487-4528-4453-82D8-B10388FB6487",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:apache:cloudstack:2.2.7:*:*:*:*:*:*:*",
"matchCriteriaId": "0EFDB749-57D9-4C81-A0BC-751F97183F61",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:apache:cloudstack:2.2.8:*:*:*:*:*:*:*",
"matchCriteriaId": "7882F0F9-EF9E-48BB-B609-2D3BAC089A92",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:apache:cloudstack:2.2.9:*:*:*:*:*:*:*",
"matchCriteriaId": "E3D50D8C-1739-4A08-891B-752F5048E1B6",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:apache:cloudstack:2.2.11:*:*:*:*:*:*:*",
"matchCriteriaId": "6E4F87FA-CE60-4BBE-AB61-4CDB76DE6C65",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:apache:cloudstack:2.2.12:*:*:*:*:*:*:*",
"matchCriteriaId": "E640A1C1-4B65-4978-B4CA-A1049B5C9443",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:apache:cloudstack:2.2.13:*:*:*:*:*:*:*",
"matchCriteriaId": "4C539879-5EC9-4BA7-9FE1-B93933D77FA8",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:apache:cloudstack:2.2.14:*:*:*:*:*:*:*",
"matchCriteriaId": "836EF10E-6F1D-4E7A-B41C-34C5CD246C17",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:apache:cloudstack:3.0.0:*:*:*:*:*:*:*",
"matchCriteriaId": "C09B6538-02FB-4AC8-9F1B-AAAE7A9BE6C0",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:apache:cloudstack:3.0.1:*:*:*:*:*:*:*",
"matchCriteriaId": "518BB162-8FAD-4B73-87B0-604EA84B3DB5",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:apache:cloudstack:3.0.2:*:*:*:*:*:*:*",
"matchCriteriaId": "C68CF8F3-D31B-4CDB-91C9-0334012C7CE6",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:apache:cloudstack:4.0.0:incubating:*:*:*:*:*:*",
"matchCriteriaId": "EA46B1B9-FCD7-4F3D-88E6-95B1A5A0497C",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:apache:cloudstack:4.0.1:*:*:*:*:*:*:*",
"matchCriteriaId": "C96C7798-F716-44DA-A57F-3103E001236B",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:apache:cloudstack:4.0.2:*:*:*:*:*:*:*",
"matchCriteriaId": "737C672C-D820-41B9-88E3-97DC113D9290",
"vulnerable": true
}
],
"negate": false,
"operator": "OR"
}
]
}
],
"cveTags": [],
"descriptions": [
{
"lang": "en",
"value": "Multiple cross-site scripting (XSS) vulnerabilities in Apache CloudStack before 4.1.1 allow remote attackers to inject arbitrary web script or HTML via the (1) Physical network name to the Zone wizard; (2) New network name, (3) instance name, or (4) group to the Instance wizard; (5) unspecified \"multi-edit fields;\" and (6) unspecified \"list view\" edit fields related to global settings."
},
{
"lang": "es",
"value": "M\u00faltiples vulnerabilidades XSS en Apache CloudStack 4.1.1, permite a atacantes remotos inyectar secuencias de comandos web o HTML arbitrarias a trav\u00e9s de (1) un nombre f\u00edsico de red mediante el asistente de zona, (2) un nombre nuevo de red, (3) un nombre de instancia o (4) grupo en el asistente de instancias; (5) campos \"multiedit\" sin especificar y (6) campos editables del tipo \"list view\" sin especificar relacionados con los par\u00e1metros globales."
}
],
"id": "CVE-2013-2136",
"lastModified": "2025-04-11T00:51:21.963",
"metrics": {
"cvssMetricV2": [
{
"acInsufInfo": false,
"baseSeverity": "MEDIUM",
"cvssData": {
"accessComplexity": "MEDIUM",
"accessVector": "NETWORK",
"authentication": "NONE",
"availabilityImpact": "NONE",
"baseScore": 4.3,
"confidentialityImpact": "NONE",
"integrityImpact": "PARTIAL",
"vectorString": "AV:N/AC:M/Au:N/C:N/I:P/A:N",
"version": "2.0"
},
"exploitabilityScore": 8.6,
"impactScore": 2.9,
"obtainAllPrivilege": false,
"obtainOtherPrivilege": false,
"obtainUserPrivilege": false,
"source": "nvd@nist.gov",
"type": "Primary",
"userInteractionRequired": true
}
]
},
"published": "2013-08-19T23:55:08.333",
"references": [
{
"source": "secalert@redhat.com",
"url": "http://archives.neohapsis.com/archives/bugtraq/2013-08/0034.html"
},
{
"source": "secalert@redhat.com",
"url": "http://archives.neohapsis.com/archives/bugtraq/2013-08/0047.html"
},
{
"source": "secalert@redhat.com",
"url": "http://osvdb.org/96074"
},
{
"source": "secalert@redhat.com",
"url": "http://osvdb.org/96075"
},
{
"source": "secalert@redhat.com",
"url": "http://osvdb.org/96076"
},
{
"source": "secalert@redhat.com",
"url": "http://osvdb.org/96077"
},
{
"source": "secalert@redhat.com",
"url": "http://osvdb.org/96078"
},
{
"source": "secalert@redhat.com",
"tags": [
"Vendor Advisory"
],
"url": "http://secunia.com/advisories/54399"
},
{
"source": "secalert@redhat.com",
"url": "http://www.securityfocus.com/bid/61638"
},
{
"source": "secalert@redhat.com",
"url": "https://exchange.xforce.ibmcloud.com/vulnerabilities/86258"
},
{
"source": "secalert@redhat.com",
"url": "https://issues.apache.org/jira/browse/CLOUDSTACK-2936"
},
{
"source": "af854a3a-2127-422b-91ae-364da2661108",
"url": "http://archives.neohapsis.com/archives/bugtraq/2013-08/0034.html"
},
{
"source": "af854a3a-2127-422b-91ae-364da2661108",
"url": "http://archives.neohapsis.com/archives/bugtraq/2013-08/0047.html"
},
{
"source": "af854a3a-2127-422b-91ae-364da2661108",
"url": "http://osvdb.org/96074"
},
{
"source": "af854a3a-2127-422b-91ae-364da2661108",
"url": "http://osvdb.org/96075"
},
{
"source": "af854a3a-2127-422b-91ae-364da2661108",
"url": "http://osvdb.org/96076"
},
{
"source": "af854a3a-2127-422b-91ae-364da2661108",
"url": "http://osvdb.org/96077"
},
{
"source": "af854a3a-2127-422b-91ae-364da2661108",
"url": "http://osvdb.org/96078"
},
{
"source": "af854a3a-2127-422b-91ae-364da2661108",
"tags": [
"Vendor Advisory"
],
"url": "http://secunia.com/advisories/54399"
},
{
"source": "af854a3a-2127-422b-91ae-364da2661108",
"url": "http://www.securityfocus.com/bid/61638"
},
{
"source": "af854a3a-2127-422b-91ae-364da2661108",
"url": "https://exchange.xforce.ibmcloud.com/vulnerabilities/86258"
},
{
"source": "af854a3a-2127-422b-91ae-364da2661108",
"url": "https://issues.apache.org/jira/browse/CLOUDSTACK-2936"
}
],
"sourceIdentifier": "secalert@redhat.com",
"vulnStatus": "Deferred",
"weaknesses": [
{
"description": [
{
"lang": "en",
"value": "CWE-79"
}
],
"source": "nvd@nist.gov",
"type": "Primary"
}
]
}
Vulnerability from fkie_nvd
Published
2024-04-04 08:15
Modified
2025-03-27 20:15
Severity ?
9.8 (Critical) - CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H
9.8 (Critical) - CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H
9.8 (Critical) - CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H
Summary
By default the CloudStack management server honours the x-forwarded-for HTTP header and logs it as the source IP of an API request. This could lead to authentication bypass and other operational problems should an attacker decide to spoof their IP address this way. Users are recommended to upgrade to CloudStack version 4.18.1.1 or 4.19.0.1, which fixes this issue.
References
| ▼ | URL | Tags | |
|---|---|---|---|
| security@apache.org | https://lists.apache.org/thread/82f46pv7mvh95ybto5hn8wlo6g8jhjvp | Mailing List, Vendor Advisory | |
| af854a3a-2127-422b-91ae-364da2661108 | https://lists.apache.org/thread/82f46pv7mvh95ybto5hn8wlo6g8jhjvp | Mailing List, Vendor Advisory |
Impacted products
| Vendor | Product | Version | |
|---|---|---|---|
| apache | cloudstack | * | |
| apache | cloudstack | 4.19.0.0 |
{
"configurations": [
{
"nodes": [
{
"cpeMatch": [
{
"criteria": "cpe:2.3:a:apache:cloudstack:*:*:*:*:*:*:*:*",
"matchCriteriaId": "B50170D1-71D1-4F1E-A1A8-0611D6AD9765",
"versionEndExcluding": "4.18.1.1",
"versionStartIncluding": "4.11.0.0",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:apache:cloudstack:4.19.0.0:*:*:*:*:*:*:*",
"matchCriteriaId": "51E212EC-AC62-4533-B3B2-A660807F0C1F",
"vulnerable": true
}
],
"negate": false,
"operator": "OR"
}
]
}
],
"cveTags": [],
"descriptions": [
{
"lang": "en",
"value": "By default the CloudStack management server honours the x-forwarded-for HTTP header and logs it as the source IP of an API request. This could lead to authentication bypass and other operational problems should an attacker decide to spoof their IP address this way. Users are recommended to upgrade to CloudStack version 4.18.1.1 or 4.19.0.1, which fixes this issue.\n\n"
},
{
"lang": "es",
"value": "De forma predeterminada, el servidor de administraci\u00f3n de CloudStack respeta el encabezado HTTP x-forwarded-for y lo registra como la IP de origen de una solicitud de API. Esto podr\u00eda provocar una omisi\u00f3n de autenticaci\u00f3n y otros problemas operativos si un atacante decide falsificar su direcci\u00f3n IP de esta manera. Se recomienda a los usuarios actualizar a la versi\u00f3n 4.18.1.1 o 4.19.0.1 de CloudStack, que soluciona este problema."
}
],
"id": "CVE-2024-29006",
"lastModified": "2025-03-27T20:15:25.687",
"metrics": {
"cvssMetricV31": [
{
"cvssData": {
"attackComplexity": "LOW",
"attackVector": "NETWORK",
"availabilityImpact": "HIGH",
"baseScore": 9.8,
"baseSeverity": "CRITICAL",
"confidentialityImpact": "HIGH",
"integrityImpact": "HIGH",
"privilegesRequired": "NONE",
"scope": "UNCHANGED",
"userInteraction": "NONE",
"vectorString": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H",
"version": "3.1"
},
"exploitabilityScore": 3.9,
"impactScore": 5.9,
"source": "nvd@nist.gov",
"type": "Primary"
},
{
"cvssData": {
"attackComplexity": "LOW",
"attackVector": "NETWORK",
"availabilityImpact": "HIGH",
"baseScore": 9.8,
"baseSeverity": "CRITICAL",
"confidentialityImpact": "HIGH",
"integrityImpact": "HIGH",
"privilegesRequired": "NONE",
"scope": "UNCHANGED",
"userInteraction": "NONE",
"vectorString": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H",
"version": "3.1"
},
"exploitabilityScore": 3.9,
"impactScore": 5.9,
"source": "134c704f-9b21-4f2e-91b3-4a467353bcc0",
"type": "Secondary"
}
]
},
"published": "2024-04-04T08:15:06.810",
"references": [
{
"source": "security@apache.org",
"tags": [
"Mailing List",
"Vendor Advisory"
],
"url": "https://lists.apache.org/thread/82f46pv7mvh95ybto5hn8wlo6g8jhjvp"
},
{
"source": "af854a3a-2127-422b-91ae-364da2661108",
"tags": [
"Mailing List",
"Vendor Advisory"
],
"url": "https://lists.apache.org/thread/82f46pv7mvh95ybto5hn8wlo6g8jhjvp"
}
],
"sourceIdentifier": "security@apache.org",
"vulnStatus": "Modified",
"weaknesses": [
{
"description": [
{
"lang": "en",
"value": "CWE-290"
}
],
"source": "security@apache.org",
"type": "Primary"
}
]
}
Vulnerability from fkie_nvd
Published
2025-06-10 23:15
Modified
2025-07-01 19:25
Severity ?
Summary
When an Apache CloudStack user-account creates a CKS-based Kubernetes cluster in a project, the API key and the secret key of the 'kubeadmin' user of the caller account are used to create the secret config in the CKS-based Kubernetes cluster. A member of the project who can access the CKS-based Kubernetes cluster, can also access the API key and secret key of the 'kubeadmin' user of the CKS cluster's creator's account. An attacker who's a member of the project can exploit this to impersonate and perform privileged actions that can result in complete compromise of the confidentiality, integrity, and availability of resources owned by the creator's account.
CKS users are recommended to upgrade to version 4.19.3.0 or 4.20.1.0, which fixes this issue.Updating Existing Kubernetes Clusters in ProjectsA service account should be created for each project to provide limited access specifically for Kubernetes cluster providers and autoscaling. Follow the steps below to create a new service account, update the secret inside the cluster, and regenerate existing API and service keys:1. Create a New Service AccountCreate a new account using the role "Project Kubernetes Service Role" with the following details:
Account Name
kubeadmin-<FIRST_EIGHT_CHARACTERS_OF_PROJECT_ID>
First Name
Kubernetes
Last Name
Service User
Account Type
0 (Normal User)
Role ID
<ID_OF_SERVICE_ROLE>
2. Add the Service Account to the ProjectAdd this account to the project where the Kubernetes cluster(s) are hosted.
3. Generate API and Secret KeysGenerate API Key and Secret Key for the default user of this account.
4. Update the CloudStack Secret in the Kubernetes ClusterCreate a temporary file `/tmp/cloud-config` with the following data:
api-url = <API_URL> # For example: <MS_URL>/client/api
api-key = <SERVICE_USER_API_KEY>
secret-key = <SERVICE_USER_SECRET_KEY>
project-id = <PROJECT_ID>
Delete the existing secret using kubectl and Kubernetes cluster config:
./kubectl --kubeconfig kube.conf -n kube-system delete secret cloudstack-secret
Create a new secret using kubectl and Kubernetes cluster config:
./kubectl --kubeconfig kube.conf -n kube-system create secret generic cloudstack-secret --from-file=/tmp/cloud-config
Remove the temporary file:
rm /tmp/cloud-config5. Regenerate API and Secret KeysRegenerate the API and secret keys for the original user account that was used to create the Kubernetes cluster.
References
Impacted products
| Vendor | Product | Version | |
|---|---|---|---|
| apache | cloudstack | * | |
| apache | cloudstack | * |
{
"configurations": [
{
"nodes": [
{
"cpeMatch": [
{
"criteria": "cpe:2.3:a:apache:cloudstack:*:*:*:*:*:*:*:*",
"matchCriteriaId": "E8D199C3-AC0F-4B50-B3CE-43B0B5FABC40",
"versionEndExcluding": "4.19.3.0",
"versionStartIncluding": "4.17.0.0",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:apache:cloudstack:*:*:*:*:*:*:*:*",
"matchCriteriaId": "67E1FECD-94E6-4B2A-A52D-47D7FC8C9B10",
"versionEndExcluding": "4.20.1.0",
"versionStartIncluding": "4.20.0.0",
"vulnerable": true
}
],
"negate": false,
"operator": "OR"
}
]
}
],
"cveTags": [],
"descriptions": [
{
"lang": "en",
"value": "When an Apache CloudStack user-account creates a CKS-based Kubernetes cluster in a project, the API key and the secret key of the \u0027kubeadmin\u0027 user of the caller account are used to create the secret config in the CKS-based Kubernetes cluster. A member of the project who can access the CKS-based Kubernetes cluster, can also access the API key and secret key of the \u0027kubeadmin\u0027 user of the CKS cluster\u0027s creator\u0027s account. An attacker who\u0027s a member of the project can exploit this to impersonate and perform privileged actions that can result in complete compromise of the confidentiality, integrity, and availability of resources owned by the creator\u0027s account.\n\nCKS users are recommended to upgrade to version 4.19.3.0 or 4.20.1.0, which fixes this issue.Updating Existing Kubernetes Clusters in ProjectsA service account should be created for each project to provide limited access specifically for Kubernetes cluster providers and autoscaling. Follow the steps below to create a new service account, update the secret inside the cluster, and regenerate existing API and service keys:1. Create a New Service AccountCreate a new account using the role \"Project Kubernetes Service Role\" with the following details:\n\nAccount Name\nkubeadmin-\u003cFIRST_EIGHT_CHARACTERS_OF_PROJECT_ID\u003e\nFirst Name\nKubernetes\nLast Name\nService User\nAccount Type\n0 (Normal User)\nRole ID\n\u003cID_OF_SERVICE_ROLE\u003e\n\n\n\n2. Add the Service Account to the ProjectAdd this account to the project where the Kubernetes cluster(s) are hosted.\n3. Generate API and Secret KeysGenerate API Key and Secret Key for the default user of this account.\n4. Update the CloudStack Secret in the Kubernetes ClusterCreate a temporary file `/tmp/cloud-config` with the following data:\n\u00a0\u00a0\u00a0api-url = \u003cAPI_URL\u003e \u00a0 \u00a0 # For example: \u003cMS_URL\u003e/client/api\n\u00a0 api-key = \u003cSERVICE_USER_API_KEY\u003e\n\u00a0 secret-key = \u003cSERVICE_USER_SECRET_KEY\u003e\n\u00a0 project-id = \u003cPROJECT_ID\u003e\n\n\n\n\nDelete the existing secret using kubectl and Kubernetes cluster config:\n\u00a0\u00a0\u00a0./kubectl --kubeconfig kube.conf -n kube-system delete secret cloudstack-secret\n\n\n\n\nCreate a new secret using kubectl and Kubernetes cluster config:\n\u00a0 \u00a0 ./kubectl --kubeconfig kube.conf -n kube-system create secret generic cloudstack-secret --from-file=/tmp/cloud-config\n\n\n\n\nRemove the temporary file:\n\u00a0 \u00a0 rm /tmp/cloud-config5. Regenerate API and Secret KeysRegenerate the API and secret keys for the original user account that was used to create the Kubernetes cluster."
},
{
"lang": "es",
"value": "Cuando una cuenta de usuario de Apache CloudStack crea un cl\u00faster de Kubernetes basado en CKS en un proyecto, la clave API y la clave secreta del usuario \"kubeadmin\" de la cuenta del autor de la llamada se utilizan para crear la configuraci\u00f3n secreta en el cl\u00faster de Kubernetes basado en CKS. Un miembro del proyecto con acceso al cl\u00faster de Kubernetes basado en CKS tambi\u00e9n puede acceder a la clave API y la clave secreta del usuario \"kubeadmin\" de la cuenta del creador del cl\u00faster. Un atacante miembro del proyecto puede aprovechar esto para suplantar la identidad y realizar acciones privilegiadas que pueden comprometer por completo la confidencialidad, integridad y disponibilidad de los recursos de la cuenta del creador. Se recomienda a los usuarios de CKS actualizar a la versi\u00f3n 4.19.3.0 o 4.20.1.0, que soluciona este problema. Actualizaci\u00f3n de cl\u00fasteres de Kubernetes existentes en proyectos. Se debe crear una cuenta de servicio para cada proyecto a fin de proporcionar acceso limitado, espec\u00edficamente para los proveedores de cl\u00fasteres de Kubernetes y el escalado autom\u00e1tico. Siga los pasos a continuaci\u00f3n para crear una nueva cuenta de servicio, actualizar el secreto dentro del cl\u00faster y regenerar las claves de API y de servicio existentes: 1. Cree una nueva cuenta de servicio. Cree una nueva cuenta con el rol \"Rol de servicio de Kubernetes del proyecto\" con la siguiente informaci\u00f3n: Nombre de la cuenta: kubeadmin- Nombre: Kubernetes Apellido: Usuario de servicio Tipo de cuenta: 0 (Usuario normal) ID de rol: 2. Agregue la cuenta de servicio al proyecto. Agregue esta cuenta al proyecto donde se alojan los cl\u00fasteres de Kubernetes. 3. Genere las claves de API y secretas. Genere la clave de API y la clave secreta para el usuario predeterminado de esta cuenta. 4. Actualice el secreto de CloudStack en el cl\u00faster de Kubernetes. Cree un archivo temporal `/tmp/cloud-config` con los siguientes datos: api-url = # Por ejemplo: /client/api api-key = secret-key = project-id = Elimine el secreto existente usando kubectl y la configuraci\u00f3n del cl\u00faster de Kubernetes: ./kubectl --kubeconfig kube.conf -n kube-system delete secret cloudstack-secret Cree un nuevo secreto usando kubectl y la configuraci\u00f3n del cl\u00faster de Kubernetes: ./kubectl --kubeconfig kube.conf -n kube-system create secret generic cloudstack-secret --from-file=/tmp/cloud-config Elimine el archivo temporal: rm /tmp/cloud-config5. Regenerar API y claves secretasRegenere la API y las claves secretas para la cuenta de usuario original que se utiliz\u00f3 para crear el cl\u00faster de Kubernetes."
}
],
"id": "CVE-2025-26521",
"lastModified": "2025-07-01T19:25:25.777",
"metrics": {
"cvssMetricV31": [
{
"cvssData": {
"attackComplexity": "LOW",
"attackVector": "NETWORK",
"availabilityImpact": "NONE",
"baseScore": 8.1,
"baseSeverity": "HIGH",
"confidentialityImpact": "HIGH",
"integrityImpact": "HIGH",
"privilegesRequired": "LOW",
"scope": "UNCHANGED",
"userInteraction": "NONE",
"vectorString": "CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:N",
"version": "3.1"
},
"exploitabilityScore": 2.8,
"impactScore": 5.2,
"source": "134c704f-9b21-4f2e-91b3-4a467353bcc0",
"type": "Secondary"
}
]
},
"published": "2025-06-10T23:15:23.840",
"references": [
{
"source": "security@apache.org",
"tags": [
"Vendor Advisory"
],
"url": "https://cloudstack.apache.org/blog/cve-advisories-4.19.3.0-4.20.1.0/"
},
{
"source": "security@apache.org",
"tags": [
"Mailing List",
"Vendor Advisory"
],
"url": "https://lists.apache.org/thread/y3qnwn59t8qggtdohv7k7vw39bgb3d60"
},
{
"source": "security@apache.org",
"tags": [
"Broken Link"
],
"url": "https://www.shapeblue.com/shapeblue-security-advisory-apache-cloudstack-security-releases-4-19-3-0-and-4-20-1-0/"
}
],
"sourceIdentifier": "security@apache.org",
"vulnStatus": "Analyzed",
"weaknesses": [
{
"description": [
{
"lang": "en",
"value": "CWE-200"
}
],
"source": "security@apache.org",
"type": "Secondary"
}
]
}
Vulnerability from fkie_nvd
Published
2020-05-14 17:15
Modified
2024-11-21 04:32
Severity ?
Summary
A buffer overflow vulnerability has been found in the baremetal component of Apache CloudStack. This applies to all versions prior to 4.13.1. The vulnerability is due to the lack of validation of the mac parameter in baremetal virtual router. If you insert an arbitrary shell command into the mac parameter, v-router will process the command. For example: Normal: http://{GW}:10086/baremetal/provisiondone/{mac}, Abnormal: http://{GW}:10086/baremetal/provisiondone/#';whoami;#. Mitigation of this issue is an upgrade to Apache CloudStack 4.13.1.0 or beyond.
References
| ▼ | URL | Tags | |
|---|---|---|---|
| security@apache.org | https://lists.apache.org/thread.html/rcbaafc6ae1f32e8f1e5987c243a26faf83c5172348ee7c17a54ea7f9%40%3Cusers.cloudstack.apache.org%3E | Exploit, Mailing List, Vendor Advisory | |
| af854a3a-2127-422b-91ae-364da2661108 | https://lists.apache.org/thread.html/rcbaafc6ae1f32e8f1e5987c243a26faf83c5172348ee7c17a54ea7f9%40%3Cusers.cloudstack.apache.org%3E | Exploit, Mailing List, Vendor Advisory |
Impacted products
| Vendor | Product | Version | |
|---|---|---|---|
| apache | cloudstack | * |
{
"configurations": [
{
"nodes": [
{
"cpeMatch": [
{
"criteria": "cpe:2.3:a:apache:cloudstack:*:*:*:*:*:*:*:*",
"matchCriteriaId": "B1CC87AF-B5E9-491B-93ED-EAC217C74D51",
"versionEndExcluding": "4.13.1.0",
"vulnerable": true
}
],
"negate": false,
"operator": "OR"
}
]
}
],
"cveTags": [],
"descriptions": [
{
"lang": "en",
"value": "A buffer overflow vulnerability has been found in the baremetal component of Apache CloudStack. This applies to all versions prior to 4.13.1. The vulnerability is due to the lack of validation of the mac parameter in baremetal virtual router. If you insert an arbitrary shell command into the mac parameter, v-router will process the command. For example: Normal: http://{GW}:10086/baremetal/provisiondone/{mac}, Abnormal: http://{GW}:10086/baremetal/provisiondone/#\u0027;whoami;#. Mitigation of this issue is an upgrade to Apache CloudStack 4.13.1.0 or beyond."
},
{
"lang": "es",
"value": "Se ha detectado una vulnerabilidad de desbordamiento del b\u00fafer en el componente baremetal de Apache CloudStack. Esto se aplica a todas las versiones anteriores a 4.13.1. La vulnerabilidad es debido a la falta de comprobaci\u00f3n del par\u00e1metro mac en el enrutador virtual baremetal. Si inserta un comando de shell arbitrario en el par\u00e1metro mac, v-router procesar\u00e1 el comando. Por ejemplo: Normal: http://{GW}:10086/baremetal/provisiondone/{mac}, Abnormal: http://{GW}:10086/baremetal/provisiondone/#\u0027;whoami;#. La mitigaci\u00f3n de este problema es una actualizaci\u00f3n a Apache CloudStack versi\u00f3n 4.13.1.0 o posterior."
}
],
"id": "CVE-2019-17562",
"lastModified": "2024-11-21T04:32:32.050",
"metrics": {
"cvssMetricV2": [
{
"acInsufInfo": false,
"baseSeverity": "HIGH",
"cvssData": {
"accessComplexity": "LOW",
"accessVector": "NETWORK",
"authentication": "NONE",
"availabilityImpact": "PARTIAL",
"baseScore": 7.5,
"confidentialityImpact": "PARTIAL",
"integrityImpact": "PARTIAL",
"vectorString": "AV:N/AC:L/Au:N/C:P/I:P/A:P",
"version": "2.0"
},
"exploitabilityScore": 10.0,
"impactScore": 6.4,
"obtainAllPrivilege": false,
"obtainOtherPrivilege": false,
"obtainUserPrivilege": false,
"source": "nvd@nist.gov",
"type": "Primary",
"userInteractionRequired": false
}
],
"cvssMetricV31": [
{
"cvssData": {
"attackComplexity": "LOW",
"attackVector": "NETWORK",
"availabilityImpact": "HIGH",
"baseScore": 9.8,
"baseSeverity": "CRITICAL",
"confidentialityImpact": "HIGH",
"integrityImpact": "HIGH",
"privilegesRequired": "NONE",
"scope": "UNCHANGED",
"userInteraction": "NONE",
"vectorString": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H",
"version": "3.1"
},
"exploitabilityScore": 3.9,
"impactScore": 5.9,
"source": "nvd@nist.gov",
"type": "Primary"
}
]
},
"published": "2020-05-14T17:15:11.897",
"references": [
{
"source": "security@apache.org",
"tags": [
"Exploit",
"Mailing List",
"Vendor Advisory"
],
"url": "https://lists.apache.org/thread.html/rcbaafc6ae1f32e8f1e5987c243a26faf83c5172348ee7c17a54ea7f9%40%3Cusers.cloudstack.apache.org%3E"
},
{
"source": "af854a3a-2127-422b-91ae-364da2661108",
"tags": [
"Exploit",
"Mailing List",
"Vendor Advisory"
],
"url": "https://lists.apache.org/thread.html/rcbaafc6ae1f32e8f1e5987c243a26faf83c5172348ee7c17a54ea7f9%40%3Cusers.cloudstack.apache.org%3E"
}
],
"sourceIdentifier": "security@apache.org",
"vulnStatus": "Modified",
"weaknesses": [
{
"description": [
{
"lang": "en",
"value": "CWE-119"
}
],
"source": "nvd@nist.gov",
"type": "Primary"
}
]
}
Vulnerability from fkie_nvd
Published
2018-02-06 14:29
Modified
2024-11-21 01:55
Severity ?
Summary
In Apache CloudStack 4.1.0 and 4.1.1, when calling the CloudStack API call listProjectAccounts as a regular, non-administrative user, the user is able to see information for accounts other than their own.
References
| ▼ | URL | Tags | |
|---|---|---|---|
| security@apache.org | http://seclists.org/oss-sec/2018/q1/1 | Mailing List, Third Party Advisory | |
| af854a3a-2127-422b-91ae-364da2661108 | http://seclists.org/oss-sec/2018/q1/1 | Mailing List, Third Party Advisory |
Impacted products
| Vendor | Product | Version | |
|---|---|---|---|
| apache | cloudstack | 4.1.0 | |
| apache | cloudstack | 4.1.1 |
{
"configurations": [
{
"nodes": [
{
"cpeMatch": [
{
"criteria": "cpe:2.3:a:apache:cloudstack:4.1.0:*:*:*:*:*:*:*",
"matchCriteriaId": "033EBD77-72A2-42B7-952D-95A85D8CF262",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:apache:cloudstack:4.1.1:*:*:*:*:*:*:*",
"matchCriteriaId": "1B3A13FB-6A1E-4E9C-B624-97F029188C5E",
"vulnerable": true
}
],
"negate": false,
"operator": "OR"
}
]
}
],
"cveTags": [],
"descriptions": [
{
"lang": "en",
"value": "In Apache CloudStack 4.1.0 and 4.1.1, when calling the CloudStack API call listProjectAccounts as a regular, non-administrative user, the user is able to see information for accounts other than their own."
},
{
"lang": "es",
"value": "En Apache CloudStack 4.1.0 y 4.1.1, al llamar a la API CloudStack call listProjectAccounts como usuario normal no administrativo, el usuario puede ver informaci\u00f3n de cuentas distintas a la propia."
}
],
"id": "CVE-2013-4317",
"lastModified": "2024-11-21T01:55:20.590",
"metrics": {
"cvssMetricV2": [
{
"acInsufInfo": false,
"baseSeverity": "MEDIUM",
"cvssData": {
"accessComplexity": "LOW",
"accessVector": "NETWORK",
"authentication": "SINGLE",
"availabilityImpact": "NONE",
"baseScore": 4.0,
"confidentialityImpact": "PARTIAL",
"integrityImpact": "NONE",
"vectorString": "AV:N/AC:L/Au:S/C:P/I:N/A:N",
"version": "2.0"
},
"exploitabilityScore": 8.0,
"impactScore": 2.9,
"obtainAllPrivilege": false,
"obtainOtherPrivilege": false,
"obtainUserPrivilege": false,
"source": "nvd@nist.gov",
"type": "Primary",
"userInteractionRequired": false
}
],
"cvssMetricV30": [
{
"cvssData": {
"attackComplexity": "LOW",
"attackVector": "NETWORK",
"availabilityImpact": "NONE",
"baseScore": 4.3,
"baseSeverity": "MEDIUM",
"confidentialityImpact": "LOW",
"integrityImpact": "NONE",
"privilegesRequired": "LOW",
"scope": "UNCHANGED",
"userInteraction": "NONE",
"vectorString": "CVSS:3.0/AV:N/AC:L/PR:L/UI:N/S:U/C:L/I:N/A:N",
"version": "3.0"
},
"exploitabilityScore": 2.8,
"impactScore": 1.4,
"source": "nvd@nist.gov",
"type": "Primary"
}
]
},
"published": "2018-02-06T14:29:00.237",
"references": [
{
"source": "security@apache.org",
"tags": [
"Mailing List",
"Third Party Advisory"
],
"url": "http://seclists.org/oss-sec/2018/q1/1"
},
{
"source": "af854a3a-2127-422b-91ae-364da2661108",
"tags": [
"Mailing List",
"Third Party Advisory"
],
"url": "http://seclists.org/oss-sec/2018/q1/1"
}
],
"sourceIdentifier": "security@apache.org",
"vulnStatus": "Modified",
"weaknesses": [
{
"description": [
{
"lang": "en",
"value": "CWE-200"
}
],
"source": "nvd@nist.gov",
"type": "Primary"
}
]
}
Vulnerability from fkie_nvd
Published
2014-12-10 15:59
Modified
2025-04-12 10:46
Severity ?
Summary
Apache CloudStack 4.3.x before 4.3.2 and 4.4.x before 4.4.2 allows remote attackers to bypass authentication via a login request without a password, which triggers an unauthenticated bind.
References
Impacted products
| Vendor | Product | Version | |
|---|---|---|---|
| apache | cloudstack | 4.3.0 | |
| apache | cloudstack | 4.3.1 | |
| apache | cloudstack | 4.4.0 | |
| apache | cloudstack | 4.4.1 |
{
"configurations": [
{
"nodes": [
{
"cpeMatch": [
{
"criteria": "cpe:2.3:a:apache:cloudstack:4.3.0:*:*:*:*:*:*:*",
"matchCriteriaId": "A9503C29-BEBB-46E8-B684-4EA9C6FC8A59",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:apache:cloudstack:4.3.1:*:*:*:*:*:*:*",
"matchCriteriaId": "18236450-EFF5-4E3E-840C-B1BC7FD96175",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:apache:cloudstack:4.4.0:*:*:*:*:*:*:*",
"matchCriteriaId": "6E73603B-B9C8-4C9E-9438-666D934870A7",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:apache:cloudstack:4.4.1:*:*:*:*:*:*:*",
"matchCriteriaId": "161B0BB9-32FC-4B73-B8E9-8068C3BE9FA3",
"vulnerable": true
}
],
"negate": false,
"operator": "OR"
}
]
}
],
"cveTags": [],
"descriptions": [
{
"lang": "en",
"value": "Apache CloudStack 4.3.x before 4.3.2 and 4.4.x before 4.4.2 allows remote attackers to bypass authentication via a login request without a password, which triggers an unauthenticated bind."
},
{
"lang": "es",
"value": "Apache CloudStack 4.3.x anterior a 4.3.2 y 4.4.x anterior a 4.4.2 permite a atacantes remotos evadir la autenticaci\u00f3n a trav\u00e9s de una solicitud de inicio de sesi\u00f3n sin contrase\u00f1a, lo que provoca un v\u00ednculo no autenticado."
}
],
"id": "CVE-2014-7807",
"lastModified": "2025-04-12T10:46:40.837",
"metrics": {
"cvssMetricV2": [
{
"acInsufInfo": false,
"baseSeverity": "MEDIUM",
"cvssData": {
"accessComplexity": "LOW",
"accessVector": "NETWORK",
"authentication": "NONE",
"availabilityImpact": "NONE",
"baseScore": 5.0,
"confidentialityImpact": "NONE",
"integrityImpact": "PARTIAL",
"vectorString": "AV:N/AC:L/Au:N/C:N/I:P/A:N",
"version": "2.0"
},
"exploitabilityScore": 10.0,
"impactScore": 2.9,
"obtainAllPrivilege": false,
"obtainOtherPrivilege": false,
"obtainUserPrivilege": false,
"source": "nvd@nist.gov",
"type": "Primary",
"userInteractionRequired": false
}
]
},
"published": "2014-12-10T15:59:00.063",
"references": [
{
"source": "secalert@redhat.com",
"url": "http://support.citrix.com/article/CTX200285"
},
{
"source": "secalert@redhat.com",
"url": "http://www.securityfocus.com/archive/1/534176/100/0/threaded"
},
{
"source": "af854a3a-2127-422b-91ae-364da2661108",
"url": "http://support.citrix.com/article/CTX200285"
},
{
"source": "af854a3a-2127-422b-91ae-364da2661108",
"url": "http://www.securityfocus.com/archive/1/534176/100/0/threaded"
}
],
"sourceIdentifier": "secalert@redhat.com",
"vulnStatus": "Deferred",
"weaknesses": [
{
"description": [
{
"lang": "en",
"value": "CWE-287"
}
],
"source": "nvd@nist.gov",
"type": "Primary"
}
]
}
Vulnerability from fkie_nvd
Published
2024-08-07 08:16
Modified
2024-11-21 09:33
Severity ?
7.2 (High) - CVSS:3.1/AV:N/AC:L/PR:H/UI:N/S:U/C:H/I:H/A:H
7.2 (High) - CVSS:3.1/AV:N/AC:L/PR:H/UI:N/S:U/C:H/I:H/A:H
7.2 (High) - CVSS:3.1/AV:N/AC:L/PR:H/UI:N/S:U/C:H/I:H/A:H
Summary
CloudStack account-users by default use username and password based authentication for API and UI access. Account-users can generate and register randomised API and secret keys and use them for the purpose of API-based automation and integrations. Due to an access permission validation issue that affects Apache CloudStack versions 4.10.0 up to 4.19.1.0, domain admin accounts were found to be able to query all registered account-users API and secret keys in an environment, including that of a root admin. An attacker who has domain admin access can exploit this to gain root admin and other-account privileges and perform malicious operations that can result in compromise of resources integrity and confidentiality, data loss, denial of service and availability of CloudStack managed infrastructure.
Users are recommended to upgrade to Apache CloudStack 4.18.2.3 or 4.19.1.1, or later, which addresses this issue. Additionally, all account-user API and secret keys should be regenerated.
References
Impacted products
| Vendor | Product | Version | |
|---|---|---|---|
| apache | cloudstack | * | |
| apache | cloudstack | * |
{
"configurations": [
{
"nodes": [
{
"cpeMatch": [
{
"criteria": "cpe:2.3:a:apache:cloudstack:*:*:*:*:*:*:*:*",
"matchCriteriaId": "73701203-F488-4963-8CF6-B5C9577958FA",
"versionEndExcluding": "4.18.2.3",
"versionStartIncluding": "4.10.0.0",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:apache:cloudstack:*:*:*:*:*:*:*:*",
"matchCriteriaId": "820D0BE9-6D2A-4EC1-A098-1A40DEB57BAA",
"versionEndExcluding": "4.19.1.1",
"versionStartIncluding": "4.19.0.0",
"vulnerable": true
}
],
"negate": false,
"operator": "OR"
}
]
}
],
"cveTags": [],
"descriptions": [
{
"lang": "en",
"value": "CloudStack account-users by default use username and password based authentication for API and UI access. Account-users can\u00a0generate and register randomised API and secret keys and use them for the purpose of API-based automation and integrations.\u00a0Due to an access permission validation issue that affects Apache CloudStack versions 4.10.0 up to 4.19.1.0, domain admin accounts were found to be able to query all registered account-users API and secret keys in an environment, including that of a root admin.\u00a0An attacker who has domain admin access can exploit this to gain root admin and other-account privileges and perform malicious operations that can result in compromise of resources integrity and confidentiality, data loss,\u00a0denial of service\u00a0and availability of CloudStack managed infrastructure.\n\nUsers are recommended to upgrade to Apache CloudStack 4.18.2.3 or 4.19.1.1, or later, which addresses this issue.\u00a0Additionally, all account-user API and secret keys should be regenerated."
},
{
"lang": "es",
"value": "Los usuarios de cuentas de CloudStack utilizan de forma predeterminada la autenticaci\u00f3n basada en nombre de usuario y contrase\u00f1a para acceder a API y UI. Los usuarios de cuentas pueden generar y registrar API aleatorias y claves secretas y utilizarlas con fines de automatizaci\u00f3n e integraciones basadas en API. Debido a un problema de validaci\u00f3n de permisos de acceso que afecta a las versiones 4.10.0 hasta 4.19.1.0 de Apache CloudStack, se descubri\u00f3 que las cuentas de administrador de dominio pueden consultar todas las API y claves secretas de los usuarios de cuentas registrados en un entorno, incluida la de un administrador superusuario. Un atacante que tiene acceso de administrador de dominio puede aprovechar esto para obtener privilegios de administrador ra\u00edz y de otras cuentas y realizar operaciones maliciosas que pueden comprometer la integridad y confidencialidad de los recursos, la p\u00e9rdida de datos, la denegaci\u00f3n de servicio y la disponibilidad de la infraestructura administrada de CloudStack. Se recomienda a los usuarios actualizar a Apache CloudStack 4.18.2.3 o 4.19.1.1, o posterior, que soluciona este problema. Adem\u00e1s, se deben regenerar todas las API y claves secretas del usuario de la cuenta."
}
],
"id": "CVE-2024-42062",
"lastModified": "2024-11-21T09:33:30.597",
"metrics": {
"cvssMetricV31": [
{
"cvssData": {
"attackComplexity": "LOW",
"attackVector": "NETWORK",
"availabilityImpact": "HIGH",
"baseScore": 7.2,
"baseSeverity": "HIGH",
"confidentialityImpact": "HIGH",
"integrityImpact": "HIGH",
"privilegesRequired": "HIGH",
"scope": "UNCHANGED",
"userInteraction": "NONE",
"vectorString": "CVSS:3.1/AV:N/AC:L/PR:H/UI:N/S:U/C:H/I:H/A:H",
"version": "3.1"
},
"exploitabilityScore": 1.2,
"impactScore": 5.9,
"source": "nvd@nist.gov",
"type": "Primary"
},
{
"cvssData": {
"attackComplexity": "LOW",
"attackVector": "NETWORK",
"availabilityImpact": "HIGH",
"baseScore": 7.2,
"baseSeverity": "HIGH",
"confidentialityImpact": "HIGH",
"integrityImpact": "HIGH",
"privilegesRequired": "HIGH",
"scope": "UNCHANGED",
"userInteraction": "NONE",
"vectorString": "CVSS:3.1/AV:N/AC:L/PR:H/UI:N/S:U/C:H/I:H/A:H",
"version": "3.1"
},
"exploitabilityScore": 1.2,
"impactScore": 5.9,
"source": "134c704f-9b21-4f2e-91b3-4a467353bcc0",
"type": "Secondary"
}
]
},
"published": "2024-08-07T08:16:12.250",
"references": [
{
"source": "security@apache.org",
"tags": [
"Vendor Advisory"
],
"url": "https://cloudstack.apache.org/blog/security-release-advisory-4.19.1.1-4.18.2.3"
},
{
"source": "security@apache.org",
"tags": [
"Mailing List",
"Release Notes"
],
"url": "https://lists.apache.org/thread/lxqtfd6407prbw3801hb4fz3ot3t8wlj"
},
{
"source": "security@apache.org",
"tags": [
"Third Party Advisory"
],
"url": "https://www.shapeblue.com/shapeblue-security-advisory-apache-cloudstack-security-releases-4-18-2-3-and-4-19-1-1/"
},
{
"source": "af854a3a-2127-422b-91ae-364da2661108",
"url": "http://www.openwall.com/lists/oss-security/2024/08/06/5"
}
],
"sourceIdentifier": "security@apache.org",
"vulnStatus": "Modified",
"weaknesses": [
{
"description": [
{
"lang": "en",
"value": "CWE-863"
}
],
"source": "security@apache.org",
"type": "Secondary"
},
{
"description": [
{
"lang": "en",
"value": "CWE-863"
}
],
"source": "nvd@nist.gov",
"type": "Primary"
}
]
}
Vulnerability from fkie_nvd
Published
2014-01-15 16:08
Modified
2025-04-11 00:51
Severity ?
Summary
The (1) ListNetworkACL and (2) listNetworkACLLists APIs in Apache CloudStack before 4.2.1 allow remote authenticated users to list network ACLS for other users via a crafted request.
References
Impacted products
| Vendor | Product | Version | |
|---|---|---|---|
| apache | cloudstack | * | |
| apache | cloudstack | 2.0 | |
| apache | cloudstack | 2.0.1 | |
| apache | cloudstack | 2.1.0 | |
| apache | cloudstack | 2.1.1 | |
| apache | cloudstack | 2.1.2 | |
| apache | cloudstack | 2.1.3 | |
| apache | cloudstack | 2.1.4 | |
| apache | cloudstack | 2.1.5 | |
| apache | cloudstack | 2.1.6 | |
| apache | cloudstack | 2.1.7 | |
| apache | cloudstack | 2.1.8 | |
| apache | cloudstack | 2.1.9 | |
| apache | cloudstack | 2.1.10 | |
| apache | cloudstack | 2.2.0 | |
| apache | cloudstack | 2.2.1 | |
| apache | cloudstack | 2.2.2 | |
| apache | cloudstack | 2.2.3 | |
| apache | cloudstack | 2.2.5 | |
| apache | cloudstack | 2.2.6 | |
| apache | cloudstack | 2.2.7 | |
| apache | cloudstack | 2.2.8 | |
| apache | cloudstack | 2.2.9 | |
| apache | cloudstack | 2.2.11 | |
| apache | cloudstack | 2.2.12 | |
| apache | cloudstack | 2.2.13 | |
| apache | cloudstack | 2.2.14 | |
| apache | cloudstack | 3.0.0 | |
| apache | cloudstack | 3.0.1 | |
| apache | cloudstack | 3.0.2 | |
| apache | cloudstack | 4.0.0 | |
| apache | cloudstack | 4.0.1 | |
| apache | cloudstack | 4.0.2 | |
| apache | cloudstack | 4.1.0 | |
| apache | cloudstack | 4.1.1 |
{
"configurations": [
{
"nodes": [
{
"cpeMatch": [
{
"criteria": "cpe:2.3:a:apache:cloudstack:*:*:*:*:*:*:*:*",
"matchCriteriaId": "A0A27E27-29CE-482E-937B-6591394A0D52",
"versionEndIncluding": "4.2.0",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:apache:cloudstack:2.0:-:community:*:*:*:*:*",
"matchCriteriaId": "07DDD585-19E2-473A-B1A8-25BB3129D0C0",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:apache:cloudstack:2.0.1:*:*:*:*:*:*:*",
"matchCriteriaId": "7D0AA4AC-3101-4012-AA43-7583CB077C59",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:apache:cloudstack:2.1.0:*:*:*:*:*:*:*",
"matchCriteriaId": "9E4E5F52-CBCF-47AC-A94A-980EF65841CC",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:apache:cloudstack:2.1.1:*:*:*:*:*:*:*",
"matchCriteriaId": "14E0EF07-41E0-40E7-A0B4-210294118B5E",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:apache:cloudstack:2.1.2:*:*:*:*:*:*:*",
"matchCriteriaId": "D4CF7900-A67B-4779-9F04-9C35B1460D89",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:apache:cloudstack:2.1.3:*:*:*:*:*:*:*",
"matchCriteriaId": "355A13B2-73AB-4AA2-9EE7-AD588D5EE68F",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:apache:cloudstack:2.1.4:*:*:*:*:*:*:*",
"matchCriteriaId": "BC0583FF-C928-440E-894C-CB3EC2327444",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:apache:cloudstack:2.1.5:*:*:*:*:*:*:*",
"matchCriteriaId": "170F57A6-1FCE-439D-AED9-D60BCD9006EC",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:apache:cloudstack:2.1.6:*:*:*:*:*:*:*",
"matchCriteriaId": "CD2B711E-E37E-4D76-96E2-B2575B9B165E",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:apache:cloudstack:2.1.7:*:*:*:*:*:*:*",
"matchCriteriaId": "2AC25A79-5B91-4BAC-A419-B1C7F20133FC",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:apache:cloudstack:2.1.8:*:*:*:*:*:*:*",
"matchCriteriaId": "00E46243-C2DF-4448-B559-7AB4B8043CD9",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:apache:cloudstack:2.1.9:*:*:*:*:*:*:*",
"matchCriteriaId": "08F17588-845E-4C52-AB03-E939C7CCEDE0",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:apache:cloudstack:2.1.10:*:*:*:*:*:*:*",
"matchCriteriaId": "F7F77294-6AD9-4BEF-9B84-84067A8F4925",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:apache:cloudstack:2.2.0:*:*:*:*:*:*:*",
"matchCriteriaId": "3C067A21-0F97-4FB1-9D5B-65DADD589E56",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:apache:cloudstack:2.2.1:*:*:*:*:*:*:*",
"matchCriteriaId": "6B321CA2-39D8-4DC6-843F-38BE3DBAE795",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:apache:cloudstack:2.2.2:*:*:*:*:*:*:*",
"matchCriteriaId": "0601E746-2144-4AEC-A2A3-F35A67EC7AD1",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:apache:cloudstack:2.2.3:*:*:*:*:*:*:*",
"matchCriteriaId": "F738C7C1-84B7-4E16-8F1A-4ACF3FE90A12",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:apache:cloudstack:2.2.5:*:*:*:*:*:*:*",
"matchCriteriaId": "7BA7376F-6160-4DDB-B0C3-D68719519256",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:apache:cloudstack:2.2.6:*:*:*:*:*:*:*",
"matchCriteriaId": "D3FBF487-4528-4453-82D8-B10388FB6487",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:apache:cloudstack:2.2.7:*:*:*:*:*:*:*",
"matchCriteriaId": "0EFDB749-57D9-4C81-A0BC-751F97183F61",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:apache:cloudstack:2.2.8:*:*:*:*:*:*:*",
"matchCriteriaId": "7882F0F9-EF9E-48BB-B609-2D3BAC089A92",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:apache:cloudstack:2.2.9:*:*:*:*:*:*:*",
"matchCriteriaId": "E3D50D8C-1739-4A08-891B-752F5048E1B6",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:apache:cloudstack:2.2.11:*:*:*:*:*:*:*",
"matchCriteriaId": "6E4F87FA-CE60-4BBE-AB61-4CDB76DE6C65",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:apache:cloudstack:2.2.12:*:*:*:*:*:*:*",
"matchCriteriaId": "E640A1C1-4B65-4978-B4CA-A1049B5C9443",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:apache:cloudstack:2.2.13:*:*:*:*:*:*:*",
"matchCriteriaId": "4C539879-5EC9-4BA7-9FE1-B93933D77FA8",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:apache:cloudstack:2.2.14:*:*:*:*:*:*:*",
"matchCriteriaId": "836EF10E-6F1D-4E7A-B41C-34C5CD246C17",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:apache:cloudstack:3.0.0:*:*:*:*:*:*:*",
"matchCriteriaId": "C09B6538-02FB-4AC8-9F1B-AAAE7A9BE6C0",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:apache:cloudstack:3.0.1:*:*:*:*:*:*:*",
"matchCriteriaId": "518BB162-8FAD-4B73-87B0-604EA84B3DB5",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:apache:cloudstack:3.0.2:*:*:*:*:*:*:*",
"matchCriteriaId": "C68CF8F3-D31B-4CDB-91C9-0334012C7CE6",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:apache:cloudstack:4.0.0:incubating:*:*:*:*:*:*",
"matchCriteriaId": "EA46B1B9-FCD7-4F3D-88E6-95B1A5A0497C",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:apache:cloudstack:4.0.1:*:*:*:*:*:*:*",
"matchCriteriaId": "C96C7798-F716-44DA-A57F-3103E001236B",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:apache:cloudstack:4.0.2:*:*:*:*:*:*:*",
"matchCriteriaId": "737C672C-D820-41B9-88E3-97DC113D9290",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:apache:cloudstack:4.1.0:*:*:*:*:*:*:*",
"matchCriteriaId": "033EBD77-72A2-42B7-952D-95A85D8CF262",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:apache:cloudstack:4.1.1:*:*:*:*:*:*:*",
"matchCriteriaId": "1B3A13FB-6A1E-4E9C-B624-97F029188C5E",
"vulnerable": true
}
],
"negate": false,
"operator": "OR"
}
]
}
],
"cveTags": [],
"descriptions": [
{
"lang": "en",
"value": "The (1) ListNetworkACL and (2) listNetworkACLLists APIs in Apache CloudStack before 4.2.1 allow remote authenticated users to list network ACLS for other users via a crafted request."
},
{
"lang": "es",
"value": "Las APIs (1) ListNetworkACL y (2) listNetworkACLLists en Apache CloudStack anteriores a 4.2.1 permite a usuarios autenticados remotamente listar networkACLS para otros usuarios a trav\u00e9s de una petici\u00f3n manipulada."
}
],
"id": "CVE-2014-0031",
"lastModified": "2025-04-11T00:51:21.963",
"metrics": {
"cvssMetricV2": [
{
"acInsufInfo": false,
"baseSeverity": "MEDIUM",
"cvssData": {
"accessComplexity": "LOW",
"accessVector": "NETWORK",
"authentication": "SINGLE",
"availabilityImpact": "NONE",
"baseScore": 4.0,
"confidentialityImpact": "PARTIAL",
"integrityImpact": "NONE",
"vectorString": "AV:N/AC:L/Au:S/C:P/I:N/A:N",
"version": "2.0"
},
"exploitabilityScore": 8.0,
"impactScore": 2.9,
"obtainAllPrivilege": false,
"obtainOtherPrivilege": false,
"obtainUserPrivilege": false,
"source": "nvd@nist.gov",
"type": "Primary",
"userInteractionRequired": false
}
]
},
"published": "2014-01-15T16:08:04.093",
"references": [
{
"source": "secalert@redhat.com",
"tags": [
"Vendor Advisory"
],
"url": "http://secunia.com/advisories/55960"
},
{
"source": "secalert@redhat.com",
"tags": [
"Vendor Advisory"
],
"url": "https://blogs.apache.org/cloudstack/entry/cve_2014_0031_cloudstack_listnetworkacl"
},
{
"source": "secalert@redhat.com",
"url": "https://issues.apache.org/jira/browse/CLOUDSTACK-5145"
},
{
"source": "af854a3a-2127-422b-91ae-364da2661108",
"tags": [
"Vendor Advisory"
],
"url": "http://secunia.com/advisories/55960"
},
{
"source": "af854a3a-2127-422b-91ae-364da2661108",
"tags": [
"Vendor Advisory"
],
"url": "https://blogs.apache.org/cloudstack/entry/cve_2014_0031_cloudstack_listnetworkacl"
},
{
"source": "af854a3a-2127-422b-91ae-364da2661108",
"url": "https://issues.apache.org/jira/browse/CLOUDSTACK-5145"
}
],
"sourceIdentifier": "secalert@redhat.com",
"vulnStatus": "Deferred",
"weaknesses": [
{
"description": [
{
"lang": "en",
"value": "CWE-264"
}
],
"source": "nvd@nist.gov",
"type": "Primary"
}
]
}
Vulnerability from fkie_nvd
Published
2025-01-13 13:16
Modified
2025-07-01 19:20
Severity ?
Summary
CloudStack users can add and read comments (annotations) on resources they are authorised to access.
Due to an access validation issue that affects Apache CloudStack versions from 4.16.0, users who have access, prior access or knowledge of resource UUIDs can list and add comments (annotations) to such resources.
An attacker with a user-account and access or prior knowledge of resource UUIDs may exploit this issue to read contents of the comments (annotations) or add malicious comments (annotations) to such resources.
This may cause potential loss of confidentiality of CloudStack environments and resources if the comments (annotations) contain any privileged information. However, guessing or brute-forcing resource UUIDs are generally hard to impossible and access to listing or adding comments isn't same as access to CloudStack resources, making this issue of very low severity and general low impact.
CloudStack admins may also disallow listAnnotations and addAnnotation API access to non-admin roles in their environment as an interim measure.
References
| ▼ | URL | Tags | |
|---|---|---|---|
| security@apache.org | https://lists.apache.org/thread/bbsm9fdwrgfyostzojh6ghpocgdmx8rs | Mailing List, Vendor Advisory | |
| af854a3a-2127-422b-91ae-364da2661108 | http://www.openwall.com/lists/oss-security/2025/01/13/1 | Mailing List |
Impacted products
| Vendor | Product | Version | |
|---|---|---|---|
| apache | cloudstack | * |
{
"configurations": [
{
"nodes": [
{
"cpeMatch": [
{
"criteria": "cpe:2.3:a:apache:cloudstack:*:*:*:*:*:*:*:*",
"matchCriteriaId": "E51B7CE9-833F-46FD-BF9D-4248F91E296A",
"versionStartIncluding": "4.16.0.0",
"vulnerable": true
}
],
"negate": false,
"operator": "OR"
}
]
}
],
"cveTags": [],
"descriptions": [
{
"lang": "en",
"value": "CloudStack users can add and read comments (annotations) on resources they are authorised to access.\u00a0\n\nDue to an access validation issue that affects Apache CloudStack versions from 4.16.0, users who have access, prior access or knowledge of resource UUIDs can list and add comments (annotations) to such resources.\u00a0\n\nAn attacker with a user-account and access or prior knowledge of resource UUIDs may exploit this issue to read contents of the comments (annotations) or add malicious comments (annotations) to such resources.\u00a0\n\nThis may cause potential loss of confidentiality of CloudStack environments and resources if the comments (annotations) contain any privileged information. However, guessing or brute-forcing resource UUIDs are generally hard to impossible and access to listing or adding comments isn\u0027t same as access to CloudStack resources, making this issue of very low severity and general low impact.\n\n\nCloudStack admins may also disallow listAnnotations and addAnnotation API access to non-admin roles in their environment as an interim measure."
},
{
"lang": "es",
"value": "Los usuarios de CloudStack pueden agregar y leer comentarios (anotaciones) en los recursos a los que est\u00e1n autorizados a acceder. Debido a un problema de validaci\u00f3n de acceso que afecta a las versiones de Apache CloudStack desde la 4.16.0, los usuarios que tienen acceso, acceso previo o conocimiento de los UUID de los recursos pueden enumerar y agregar comentarios (anotaciones) a dichos recursos. Un atacante con una cuenta de usuario y acceso o conocimiento previo de los UUID de los recursos puede aprovechar este problema para leer el contenido de los comentarios (anotaciones) o agregar comentarios maliciosos (anotaciones) a dichos recursos. Esto puede provocar una posible p\u00e9rdida de confidencialidad de los entornos y recursos de CloudStack si los comentarios (anotaciones) contienen informaci\u00f3n privilegiada. Sin embargo, adivinar o forzar brutamente los UUID de los recursos es generalmente dif\u00edcil o imposible y el acceso para enumerar o agregar comentarios no es lo mismo que el acceso a los recursos de CloudStack, lo que hace que este problema sea de muy baja gravedad y, en general, de bajo impacto. Los administradores de CloudStack tambi\u00e9n pueden prohibir el acceso a la API listAnnotations y addAnnotation a roles que no sean de administrador en su entorno como medida provisional."
}
],
"id": "CVE-2025-22828",
"lastModified": "2025-07-01T19:20:38.217",
"metrics": {
"cvssMetricV31": [
{
"cvssData": {
"attackComplexity": "LOW",
"attackVector": "NETWORK",
"availabilityImpact": "NONE",
"baseScore": 4.3,
"baseSeverity": "MEDIUM",
"confidentialityImpact": "LOW",
"integrityImpact": "NONE",
"privilegesRequired": "LOW",
"scope": "UNCHANGED",
"userInteraction": "NONE",
"vectorString": "CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:L/I:N/A:N",
"version": "3.1"
},
"exploitabilityScore": 2.8,
"impactScore": 1.4,
"source": "134c704f-9b21-4f2e-91b3-4a467353bcc0",
"type": "Secondary"
}
]
},
"published": "2025-01-13T13:16:12.233",
"references": [
{
"source": "security@apache.org",
"tags": [
"Mailing List",
"Vendor Advisory"
],
"url": "https://lists.apache.org/thread/bbsm9fdwrgfyostzojh6ghpocgdmx8rs"
},
{
"source": "af854a3a-2127-422b-91ae-364da2661108",
"tags": [
"Mailing List"
],
"url": "http://www.openwall.com/lists/oss-security/2025/01/13/1"
}
],
"sourceIdentifier": "security@apache.org",
"vulnStatus": "Analyzed",
"weaknesses": [
{
"description": [
{
"lang": "en",
"value": "CWE-200"
}
],
"source": "security@apache.org",
"type": "Secondary"
}
]
}
Vulnerability from fkie_nvd
Published
2013-01-22 23:55
Modified
2025-04-11 00:51
Severity ?
Summary
Apache CloudStack 4.0.0-incubating and Citrix CloudPlatform (formerly Citrix CloudStack) before 3.0.6 stores sensitive information in the log4j.conf log file, which allows local users to obtain (1) the SSH private key as recorded by the createSSHKeyPair API, (2) the password of an added host as recorded by the AddHost API, or the password of an added VM as recorded by the (3) DeployVM or (4) ResetPasswordForVM API.
References
Impacted products
| Vendor | Product | Version | |
|---|---|---|---|
| apache | cloudstack | 4.0.0 | |
| citrix | cloudplatform | * |
{
"configurations": [
{
"nodes": [
{
"cpeMatch": [
{
"criteria": "cpe:2.3:a:apache:cloudstack:4.0.0:incubating:*:*:*:*:*:*",
"matchCriteriaId": "EA46B1B9-FCD7-4F3D-88E6-95B1A5A0497C",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:citrix:cloudplatform:*:*:*:*:*:*:*:*",
"matchCriteriaId": "B7802906-7538-4434-B1F9-89C10ECE8A3E",
"versionEndIncluding": "3.0.5",
"vulnerable": true
}
],
"negate": false,
"operator": "OR"
}
]
}
],
"cveTags": [],
"descriptions": [
{
"lang": "en",
"value": "Apache CloudStack 4.0.0-incubating and Citrix CloudPlatform (formerly Citrix CloudStack) before 3.0.6 stores sensitive information in the log4j.conf log file, which allows local users to obtain (1) the SSH private key as recorded by the createSSHKeyPair API, (2) the password of an added host as recorded by the AddHost API, or the password of an added VM as recorded by the (3) DeployVM or (4) ResetPasswordForVM API."
},
{
"lang": "es",
"value": "CloudStack Apache v4.0.0-incubaci\u00f3n y Citrix CloudPlatform (anteriormente Citrix CloudStack ) anterior a v3.0.6 almacena informaci\u00f3n sensible en el archivo de registro log4j.conf, lo que permite a usuarios locales obtener (1) la clave privada SSH registradas por la API createSSHKeyPair, (2) la contrase\u00f1a de un host agregado registrada por la API AddHost, o la contrase\u00f1a de un VM a\u00f1adido seg\u00fan los registrado por el DeployVM (3) o (4) API ResetPasswordForVM."
}
],
"id": "CVE-2012-5616",
"lastModified": "2025-04-11T00:51:21.963",
"metrics": {
"cvssMetricV2": [
{
"acInsufInfo": false,
"baseSeverity": "LOW",
"cvssData": {
"accessComplexity": "MEDIUM",
"accessVector": "LOCAL",
"authentication": "SINGLE",
"availabilityImpact": "NONE",
"baseScore": 1.5,
"confidentialityImpact": "PARTIAL",
"integrityImpact": "NONE",
"vectorString": "AV:L/AC:M/Au:S/C:P/I:N/A:N",
"version": "2.0"
},
"exploitabilityScore": 2.7,
"impactScore": 2.9,
"obtainAllPrivilege": false,
"obtainOtherPrivilege": false,
"obtainUserPrivilege": false,
"source": "nvd@nist.gov",
"type": "Primary",
"userInteractionRequired": false
}
]
},
"published": "2013-01-22T23:55:02.887",
"references": [
{
"source": "secalert@redhat.com",
"url": "http://mail-archives.apache.org/mod_mbox/incubator-cloudstack-users/201301.mbox/%3C1BD2169F-BBFE-4E27-B50F-F17D7D08B565%40stratosec.co%3E"
},
{
"source": "secalert@redhat.com",
"url": "http://osvdb.org/89070"
},
{
"source": "secalert@redhat.com",
"url": "http://osvdb.org/89146"
},
{
"source": "secalert@redhat.com",
"url": "http://osvdb.org/89147"
},
{
"source": "secalert@redhat.com",
"url": "http://seclists.org/fulldisclosure/2013/Jan/65"
},
{
"source": "secalert@redhat.com",
"url": "http://secunia.com/advisories/51366"
},
{
"source": "secalert@redhat.com",
"url": "http://secunia.com/advisories/51821"
},
{
"source": "secalert@redhat.com",
"url": "http://secunia.com/advisories/51827"
},
{
"source": "secalert@redhat.com",
"tags": [
"Vendor Advisory"
],
"url": "http://support.citrix.com/article/CTX136163"
},
{
"source": "secalert@redhat.com",
"url": "http://www.securityfocus.com/bid/57225"
},
{
"source": "secalert@redhat.com",
"url": "http://www.securityfocus.com/bid/57259"
},
{
"source": "secalert@redhat.com",
"url": "http://www.securitytracker.com/id?1027978"
},
{
"source": "af854a3a-2127-422b-91ae-364da2661108",
"url": "http://mail-archives.apache.org/mod_mbox/incubator-cloudstack-users/201301.mbox/%3C1BD2169F-BBFE-4E27-B50F-F17D7D08B565%40stratosec.co%3E"
},
{
"source": "af854a3a-2127-422b-91ae-364da2661108",
"url": "http://osvdb.org/89070"
},
{
"source": "af854a3a-2127-422b-91ae-364da2661108",
"url": "http://osvdb.org/89146"
},
{
"source": "af854a3a-2127-422b-91ae-364da2661108",
"url": "http://osvdb.org/89147"
},
{
"source": "af854a3a-2127-422b-91ae-364da2661108",
"url": "http://seclists.org/fulldisclosure/2013/Jan/65"
},
{
"source": "af854a3a-2127-422b-91ae-364da2661108",
"url": "http://secunia.com/advisories/51366"
},
{
"source": "af854a3a-2127-422b-91ae-364da2661108",
"url": "http://secunia.com/advisories/51821"
},
{
"source": "af854a3a-2127-422b-91ae-364da2661108",
"url": "http://secunia.com/advisories/51827"
},
{
"source": "af854a3a-2127-422b-91ae-364da2661108",
"tags": [
"Vendor Advisory"
],
"url": "http://support.citrix.com/article/CTX136163"
},
{
"source": "af854a3a-2127-422b-91ae-364da2661108",
"url": "http://www.securityfocus.com/bid/57225"
},
{
"source": "af854a3a-2127-422b-91ae-364da2661108",
"url": "http://www.securityfocus.com/bid/57259"
},
{
"source": "af854a3a-2127-422b-91ae-364da2661108",
"url": "http://www.securitytracker.com/id?1027978"
}
],
"sourceIdentifier": "secalert@redhat.com",
"vulnStatus": "Deferred",
"weaknesses": [
{
"description": [
{
"lang": "en",
"value": "CWE-255"
}
],
"source": "nvd@nist.gov",
"type": "Primary"
}
]
}
Vulnerability from fkie_nvd
Published
2025-06-10 23:15
Modified
2025-07-01 20:13
Severity ?
Summary
A privilege escalation vulnerability exists in Apache CloudStack versions 4.10.0.0 through 4.20.0.0 where a malicious Domain Admin user in the ROOT domain can get the API key and secret key of user-accounts of Admin role type in the same domain. This operation is not appropriately restricted and allows the attacker to assume control over higher-privileged user-accounts. A malicious Domain Admin attacker can impersonate an Admin user-account and gain access to sensitive APIs and resources that could result in the compromise of resource integrity and confidentiality, data loss, denial of service, and availability of infrastructure managed by CloudStack.
Users are recommended to upgrade to Apache CloudStack 4.19.3.0 or 4.20.1.0, which fixes the issue with the following:
* Strict validation on Role Type hierarchy: the caller's role must be equal to or higher than the target user's role.
* API privilege comparison: the caller must possess all privileges of the user they are operating on.
* Two new domain-level settings (restricted to the default admin):
- role.types.allowed.for.operations.on.accounts.of.same.role.type: Defines which role types are allowed to act on users of the same role type. Default: "Admin, DomainAdmin, ResourceAdmin".
- allow.operations.on.users.in.same.account: Allows/disallows user operations within the same account. Default: true.
References
Impacted products
| Vendor | Product | Version | |
|---|---|---|---|
| apache | cloudstack | * | |
| apache | cloudstack | * |
{
"configurations": [
{
"nodes": [
{
"cpeMatch": [
{
"criteria": "cpe:2.3:a:apache:cloudstack:*:*:*:*:*:*:*:*",
"matchCriteriaId": "F76F9027-3B50-4AEA-8E3D-E0C8A4E256A8",
"versionEndExcluding": "4.19.3.0",
"versionStartIncluding": "4.10.0.0",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:apache:cloudstack:*:*:*:*:*:*:*:*",
"matchCriteriaId": "67E1FECD-94E6-4B2A-A52D-47D7FC8C9B10",
"versionEndExcluding": "4.20.1.0",
"versionStartIncluding": "4.20.0.0",
"vulnerable": true
}
],
"negate": false,
"operator": "OR"
}
]
}
],
"cveTags": [],
"descriptions": [
{
"lang": "en",
"value": "A privilege escalation vulnerability exists in Apache CloudStack versions 4.10.0.0 through 4.20.0.0 where a malicious Domain Admin user in the ROOT domain can get the API key and secret key of user-accounts of Admin role type in the same domain. This operation is not appropriately restricted and allows the attacker to assume control over higher-privileged user-accounts. A malicious Domain Admin attacker can impersonate an Admin user-account and gain access to sensitive APIs and resources that could result in the compromise of resource integrity and confidentiality, data loss, denial of service, and availability of infrastructure managed by CloudStack.\n\nUsers are recommended to upgrade to Apache CloudStack 4.19.3.0 or 4.20.1.0, which fixes the issue with the following:\n\n\n * Strict validation on Role Type hierarchy: the caller\u0027s role must be equal to or higher than the target user\u0027s role.\u00a0\n * API privilege comparison: the caller must possess all privileges of the user they are operating on.\u00a0\n * Two new domain-level settings (restricted to the default admin):\u00a0\n\u2003- role.types.allowed.for.operations.on.accounts.of.same.role.type: Defines which role types are allowed to act on users of the same role type. Default: \"Admin, DomainAdmin, ResourceAdmin\".\u00a0\n\u2003- allow.operations.on.users.in.same.account: Allows/disallows user operations within the same account. Default: true."
},
{
"lang": "es",
"value": "Existe una vulnerabilidad de escalada de privilegios en Apache CloudStack, versiones 4.10.0.0 a 4.20.0.0, donde un usuario administrador de dominio malintencionado en el dominio ROOT puede obtener la clave API y la clave secreta de las cuentas de usuario con el rol de administrador en el mismo dominio. Esta operaci\u00f3n no est\u00e1 restringida adecuadamente y permite al atacante asumir el control sobre cuentas de usuario con mayores privilegios. Un atacante malintencionado de dominio puede suplantar una cuenta de usuario administrador y obtener acceso a API y recursos confidenciales que podr\u00edan comprometer la integridad y confidencialidad de los recursos, la p\u00e9rdida de datos, la denegaci\u00f3n de servicio y la disponibilidad de la infraestructura administrada por CloudStack. Se recomienda a los usuarios actualizar a Apache CloudStack 4.19.3.0 o 4.20.1.0, que soluciona el problema con lo siguiente: * Validaci\u00f3n estricta en la jerarqu\u00eda de tipos de rol: el rol del llamante debe ser igual o superior al rol del usuario objetivo. * Comparaci\u00f3n de privilegios de API: el usuario que realiza la llamada debe tener todos los privilegios del usuario con el que opera. * Dos nuevas configuraciones a nivel de dominio (restringidas al administrador predeterminado): - role.types.allowed.for.operations.on.accounts.of.same.role.type: Define qu\u00e9 tipos de rol pueden actuar sobre usuarios del mismo tipo. Predeterminado: \"Admin, DomainAdmin, ResourceAdmin\". - allow.operations.on.users.in.same.account: Permite o impide las operaciones de usuario dentro de la misma cuenta. Predeterminado: true."
}
],
"id": "CVE-2025-47849",
"lastModified": "2025-07-01T20:13:33.813",
"metrics": {
"cvssMetricV31": [
{
"cvssData": {
"attackComplexity": "LOW",
"attackVector": "NETWORK",
"availabilityImpact": "HIGH",
"baseScore": 8.8,
"baseSeverity": "HIGH",
"confidentialityImpact": "HIGH",
"integrityImpact": "HIGH",
"privilegesRequired": "LOW",
"scope": "UNCHANGED",
"userInteraction": "NONE",
"vectorString": "CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H",
"version": "3.1"
},
"exploitabilityScore": 2.8,
"impactScore": 5.9,
"source": "134c704f-9b21-4f2e-91b3-4a467353bcc0",
"type": "Secondary"
}
]
},
"published": "2025-06-10T23:15:58.453",
"references": [
{
"source": "security@apache.org",
"tags": [
"Vendor Advisory"
],
"url": "https://cloudstack.apache.org/blog/cve-advisories-4.19.3.0-4.20.1.0/"
},
{
"source": "security@apache.org",
"tags": [
"Mailing List",
"Vendor Advisory"
],
"url": "https://lists.apache.org/thread/y3qnwn59t8qggtdohv7k7vw39bgb3d60"
},
{
"source": "security@apache.org",
"tags": [
"Broken Link"
],
"url": "https://www.shapeblue.com/shapeblue-security-advisory-apache-cloudstack-security-releases-4-19-3-0-and-4-20-1-0/"
}
],
"sourceIdentifier": "security@apache.org",
"vulnStatus": "Analyzed",
"weaknesses": [
{
"description": [
{
"lang": "en",
"value": "CWE-269"
}
],
"source": "security@apache.org",
"type": "Secondary"
}
]
}
Vulnerability from fkie_nvd
Published
2025-06-10 23:15
Modified
2025-06-25 19:38
Severity ?
Summary
The CloudStack Quota plugin has an improper privilege management logic in version 4.20.0.0. Anyone with authenticated user-account access in CloudStack 4.20.0.0 environments, where this plugin is enabled and have access to specific APIs can enable or disable reception of quota-related emails for any account in the environment and list their configurations.
Quota plugin users using CloudStack 4.20.0.0 are recommended to upgrade to CloudStack version 4.20.1.0, which fixes this issue.
References
Impacted products
| Vendor | Product | Version | |
|---|---|---|---|
| apache | cloudstack | 4.20.0.0 |
{
"configurations": [
{
"nodes": [
{
"cpeMatch": [
{
"criteria": "cpe:2.3:a:apache:cloudstack:4.20.0.0:*:*:*:*:*:*:*",
"matchCriteriaId": "EF75DE62-7CFF-4E3E-8658-A0E1AFA4B52A",
"vulnerable": true
}
],
"negate": false,
"operator": "OR"
}
]
}
],
"cveTags": [],
"descriptions": [
{
"lang": "en",
"value": "The CloudStack Quota plugin has an improper privilege management logic in version 4.20.0.0. Anyone with authenticated user-account access in CloudStack 4.20.0.0 environments, where this plugin is enabled and have access to specific APIs can enable or disable reception of quota-related emails for any account in the environment and list their configurations.\n\nQuota plugin users using CloudStack 4.20.0.0 are recommended to upgrade to CloudStack version 4.20.1.0, which fixes this issue."
},
{
"lang": "es",
"value": "El complemento CloudStack Quota, presenta una l\u00f3gica de gesti\u00f3n de privilegios incorrecta en la versi\u00f3n 4.20.0.0. Cualquier persona con acceso autenticado a cuentas de usuario en entornos de CloudStack 4.20.0.0 donde este complemento est\u00e9 habilitado y tenga acceso a API espec\u00edficas puede habilitar o deshabilitar la recepci\u00f3n de correos electr\u00f3nicos relacionados con la cuota para cualquier cuenta del entorno y mostrar sus configuraciones. Se recomienda a los usuarios del complemento de cuota que utilicen CloudStack 4.20.0.0 que actualicen a la versi\u00f3n 4.20.1.0 de CloudStack, que soluciona este problema."
}
],
"id": "CVE-2025-22829",
"lastModified": "2025-06-25T19:38:05.817",
"metrics": {
"cvssMetricV31": [
{
"cvssData": {
"attackComplexity": "LOW",
"attackVector": "NETWORK",
"availabilityImpact": "NONE",
"baseScore": 4.3,
"baseSeverity": "MEDIUM",
"confidentialityImpact": "NONE",
"integrityImpact": "LOW",
"privilegesRequired": "LOW",
"scope": "UNCHANGED",
"userInteraction": "NONE",
"vectorString": "CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:N/I:L/A:N",
"version": "3.1"
},
"exploitabilityScore": 2.8,
"impactScore": 1.4,
"source": "nvd@nist.gov",
"type": "Primary"
}
],
"cvssMetricV40": [
{
"cvssData": {
"Automatable": "NO",
"Recovery": "USER",
"Safety": "NEGLIGIBLE",
"attackComplexity": "LOW",
"attackRequirements": "PRESENT",
"attackVector": "NETWORK",
"availabilityRequirement": "NOT_DEFINED",
"baseScore": 2.3,
"baseSeverity": "LOW",
"confidentialityRequirement": "NOT_DEFINED",
"exploitMaturity": "NOT_DEFINED",
"integrityRequirement": "NOT_DEFINED",
"modifiedAttackComplexity": "NOT_DEFINED",
"modifiedAttackRequirements": "NOT_DEFINED",
"modifiedAttackVector": "NOT_DEFINED",
"modifiedPrivilegesRequired": "NOT_DEFINED",
"modifiedSubAvailabilityImpact": "NOT_DEFINED",
"modifiedSubConfidentialityImpact": "NOT_DEFINED",
"modifiedSubIntegrityImpact": "NOT_DEFINED",
"modifiedUserInteraction": "NOT_DEFINED",
"modifiedVulnAvailabilityImpact": "NOT_DEFINED",
"modifiedVulnConfidentialityImpact": "NOT_DEFINED",
"modifiedVulnIntegrityImpact": "NOT_DEFINED",
"privilegesRequired": "LOW",
"providerUrgency": "AMBER",
"subAvailabilityImpact": "NONE",
"subConfidentialityImpact": "NONE",
"subIntegrityImpact": "NONE",
"userInteraction": "NONE",
"valueDensity": "DIFFUSE",
"vectorString": "CVSS:4.0/AV:N/AC:L/AT:P/PR:L/UI:N/VC:N/VI:L/VA:L/SC:N/SI:N/SA:N/E:X/CR:X/IR:X/AR:X/MAV:X/MAC:X/MAT:X/MPR:X/MUI:X/MVC:X/MVI:X/MVA:X/MSC:X/MSI:X/MSA:X/S:N/AU:N/R:U/V:D/RE:L/U:Amber",
"version": "4.0",
"vulnAvailabilityImpact": "LOW",
"vulnConfidentialityImpact": "NONE",
"vulnIntegrityImpact": "LOW",
"vulnerabilityResponseEffort": "LOW"
},
"source": "security@apache.org",
"type": "Secondary"
}
]
},
"published": "2025-06-10T23:15:22.740",
"references": [
{
"source": "security@apache.org",
"tags": [
"Third Party Advisory"
],
"url": "https://cloudstack.staged.apache.org/blog/cve-advisories-4.19.3.0-4.20.1.0"
},
{
"source": "security@apache.org",
"tags": [
"Mailing List",
"Vendor Advisory"
],
"url": "https://lists.apache.org/thread/y3qnwn59t8qggtdohv7k7vw39bgb3d60"
},
{
"source": "security@apache.org",
"tags": [
"Broken Link"
],
"url": "https://www.shapeblue.com/shapeblue-security-advisory-apache-cloudstack-security-releases-4-19-3-0-and-4-20-1-0/"
}
],
"sourceIdentifier": "security@apache.org",
"vulnStatus": "Analyzed",
"weaknesses": [
{
"description": [
{
"lang": "en",
"value": "CWE-269"
}
],
"source": "security@apache.org",
"type": "Primary"
}
]
}
Vulnerability from fkie_nvd
Published
2018-02-06 14:29
Modified
2024-11-21 02:56
Severity ?
Summary
Apache CloudStack 4.1 to 4.8.1.0 and 4.9.0.0 contain an API call designed to allow a user to register for the developer API. If a malicious user is able to determine the ID of another (non-"root") CloudStack user, the malicious user may be able to reset the API keys for the other user, in turn accessing their account and resources.
References
Impacted products
| Vendor | Product | Version | |
|---|---|---|---|
| apache | cloudstack | * | |
| apache | cloudstack | 4.9.0 |
{
"configurations": [
{
"nodes": [
{
"cpeMatch": [
{
"criteria": "cpe:2.3:a:apache:cloudstack:*:*:*:*:*:*:*:*",
"matchCriteriaId": "B570E8D3-27E5-472D-8784-5E8F27FE5E72",
"versionEndIncluding": "4.8.1.0",
"versionStartIncluding": "4.1.0",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:apache:cloudstack:4.9.0:*:*:*:*:*:*:*",
"matchCriteriaId": "D2C603A0-F01A-44EB-A1C8-AD7A1C580A39",
"vulnerable": true
}
],
"negate": false,
"operator": "OR"
}
]
}
],
"cveTags": [],
"descriptions": [
{
"lang": "en",
"value": "Apache CloudStack 4.1 to 4.8.1.0 and 4.9.0.0 contain an API call designed to allow a user to register for the developer API. If a malicious user is able to determine the ID of another (non-\"root\") CloudStack user, the malicious user may be able to reset the API keys for the other user, in turn accessing their account and resources."
},
{
"lang": "es",
"value": "Apache CloudStack 4.1 a 4.8.1.0 y 4.9.0.0 contiene una llamada API dise\u00f1ada para permitir a un usuario registrarse en la API del desarrollador. Si un usuario malicioso es capaz de determinar el ID de otro usuario (non-\"root\") de CloudStack, el usuario malicioso podr\u00eda restrablecer las claves API para el otro usuario, pudiendo acceder a su cuenta y recursos."
}
],
"id": "CVE-2016-6813",
"lastModified": "2024-11-21T02:56:52.963",
"metrics": {
"cvssMetricV2": [
{
"acInsufInfo": false,
"baseSeverity": "HIGH",
"cvssData": {
"accessComplexity": "LOW",
"accessVector": "NETWORK",
"authentication": "NONE",
"availabilityImpact": "PARTIAL",
"baseScore": 7.5,
"confidentialityImpact": "PARTIAL",
"integrityImpact": "PARTIAL",
"vectorString": "AV:N/AC:L/Au:N/C:P/I:P/A:P",
"version": "2.0"
},
"exploitabilityScore": 10.0,
"impactScore": 6.4,
"obtainAllPrivilege": false,
"obtainOtherPrivilege": false,
"obtainUserPrivilege": false,
"source": "nvd@nist.gov",
"type": "Primary",
"userInteractionRequired": false
}
],
"cvssMetricV31": [
{
"cvssData": {
"attackComplexity": "LOW",
"attackVector": "NETWORK",
"availabilityImpact": "HIGH",
"baseScore": 9.8,
"baseSeverity": "CRITICAL",
"confidentialityImpact": "HIGH",
"integrityImpact": "HIGH",
"privilegesRequired": "NONE",
"scope": "UNCHANGED",
"userInteraction": "NONE",
"vectorString": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H",
"version": "3.1"
},
"exploitabilityScore": 3.9,
"impactScore": 5.9,
"source": "nvd@nist.gov",
"type": "Primary"
}
]
},
"published": "2018-02-06T14:29:00.300",
"references": [
{
"source": "security@apache.org",
"url": "http://mail-archives.apache.org/mod_mbox/www-announce/201610.mbox/%3CCAJtfqCupOYQoNY2BNx86_zauses_MpmpiX8WciO_DEaWp6uNig%40mail.gmail.com%3E"
},
{
"source": "security@apache.org",
"tags": [
"Broken Link",
"Third Party Advisory",
"VDB Entry"
],
"url": "http://www.securityfocus.com/bid/93945"
},
{
"source": "security@apache.org",
"tags": [
"Vendor Advisory"
],
"url": "https://s.apache.org/qV5l"
},
{
"source": "af854a3a-2127-422b-91ae-364da2661108",
"url": "http://mail-archives.apache.org/mod_mbox/www-announce/201610.mbox/%3CCAJtfqCupOYQoNY2BNx86_zauses_MpmpiX8WciO_DEaWp6uNig%40mail.gmail.com%3E"
},
{
"source": "af854a3a-2127-422b-91ae-364da2661108",
"tags": [
"Broken Link",
"Third Party Advisory",
"VDB Entry"
],
"url": "http://www.securityfocus.com/bid/93945"
},
{
"source": "af854a3a-2127-422b-91ae-364da2661108",
"tags": [
"Vendor Advisory"
],
"url": "https://s.apache.org/qV5l"
}
],
"sourceIdentifier": "security@apache.org",
"vulnStatus": "Modified",
"weaknesses": [
{
"description": [
{
"lang": "en",
"value": "NVD-CWE-noinfo"
}
],
"source": "nvd@nist.gov",
"type": "Primary"
}
]
}
Vulnerability from fkie_nvd
Published
2014-05-23 14:55
Modified
2025-04-12 10:46
Severity ?
Summary
Apache CloudStack 4.0.0 before 4.0.2 and Citrix CloudPlatform (formerly Citrix CloudStack) 3.0.x before 3.0.6 Patch C allows remote attackers to bypass the console proxy authentication by leveraging knowledge of the source code.
References
Impacted products
| Vendor | Product | Version | |
|---|---|---|---|
| apache | cloudstack | 4.0.0 | |
| apache | cloudstack | 4.0.1 | |
| apache | cloudstack | 4.0.2 | |
| citrix | cloudplatform | 3.0 | |
| citrix | cloudplatform | 3.0.3 | |
| citrix | cloudplatform | 3.0.4 | |
| citrix | cloudplatform | 3.0.5 | |
| citrix | cloudplatform | 3.0.6 |
{
"configurations": [
{
"nodes": [
{
"cpeMatch": [
{
"criteria": "cpe:2.3:a:apache:cloudstack:4.0.0:incubating:*:*:*:*:*:*",
"matchCriteriaId": "EA46B1B9-FCD7-4F3D-88E6-95B1A5A0497C",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:apache:cloudstack:4.0.1:*:*:*:*:*:*:*",
"matchCriteriaId": "C96C7798-F716-44DA-A57F-3103E001236B",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:apache:cloudstack:4.0.2:*:*:*:*:*:*:*",
"matchCriteriaId": "737C672C-D820-41B9-88E3-97DC113D9290",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:citrix:cloudplatform:3.0:*:*:*:*:*:*:*",
"matchCriteriaId": "F0DE26F1-B341-4A50-BF9A-42488250D319",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:citrix:cloudplatform:3.0.3:*:*:*:*:*:*:*",
"matchCriteriaId": "91ED0724-C941-49CC-B96F-207FA4425CF9",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:citrix:cloudplatform:3.0.4:*:*:*:*:*:*:*",
"matchCriteriaId": "969E1C34-D7A0-4B0C-B83C-146C73439EFA",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:citrix:cloudplatform:3.0.5:*:*:*:*:*:*:*",
"matchCriteriaId": "1849E592-502C-43D3-834A-298DEFA9646C",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:citrix:cloudplatform:3.0.6:*:*:*:*:*:*:*",
"matchCriteriaId": "23469BDA-56CE-4F88-BC32-6F2AC8D60703",
"vulnerable": true
}
],
"negate": false,
"operator": "OR"
}
]
}
],
"cveTags": [],
"descriptions": [
{
"lang": "en",
"value": "Apache CloudStack 4.0.0 before 4.0.2 and Citrix CloudPlatform (formerly Citrix CloudStack) 3.0.x before 3.0.6 Patch C allows remote attackers to bypass the console proxy authentication by leveraging knowledge of the source code."
},
{
"lang": "es",
"value": "Apache CloudStack 4.0.0 anterior a 4.0.2 y Citrix CloudPlatform (anteriormente Citrix CloudStack) 3.0.x anterior a 3.0.6 Patch C permite a atacantes remotos evadir la autenticaci\u00f3n de proxy de consola mediante el conocimiento del c\u00f3digo fuente."
}
],
"id": "CVE-2013-2756",
"lastModified": "2025-04-12T10:46:40.837",
"metrics": {
"cvssMetricV2": [
{
"acInsufInfo": false,
"baseSeverity": "MEDIUM",
"cvssData": {
"accessComplexity": "LOW",
"accessVector": "NETWORK",
"authentication": "NONE",
"availabilityImpact": "NONE",
"baseScore": 5.0,
"confidentialityImpact": "NONE",
"integrityImpact": "PARTIAL",
"vectorString": "AV:N/AC:L/Au:N/C:N/I:P/A:N",
"version": "2.0"
},
"exploitabilityScore": 10.0,
"impactScore": 2.9,
"obtainAllPrivilege": false,
"obtainOtherPrivilege": false,
"obtainUserPrivilege": false,
"source": "nvd@nist.gov",
"type": "Primary",
"userInteractionRequired": false
}
]
},
"published": "2014-05-23T14:55:10.867",
"references": [
{
"source": "cve@mitre.org",
"url": "http://mail-archives.apache.org/mod_mbox/cloudstack-dev/201304.mbox/%3C51786984.1060300%40stratosec.co%3E"
},
{
"source": "cve@mitre.org",
"url": "http://osvdb.org/92748"
},
{
"source": "cve@mitre.org",
"url": "http://secunia.com/advisories/53175"
},
{
"source": "cve@mitre.org",
"url": "http://secunia.com/advisories/53204"
},
{
"source": "cve@mitre.org",
"tags": [
"Patch",
"Vendor Advisory"
],
"url": "http://support.citrix.com/article/CTX135815"
},
{
"source": "cve@mitre.org",
"url": "http://www.securityfocus.com/bid/59463"
},
{
"source": "cve@mitre.org",
"url": "http://www.securitytracker.com/id/1028473"
},
{
"source": "cve@mitre.org",
"url": "https://exchange.xforce.ibmcloud.com/vulnerabilities/83781"
},
{
"source": "af854a3a-2127-422b-91ae-364da2661108",
"url": "http://mail-archives.apache.org/mod_mbox/cloudstack-dev/201304.mbox/%3C51786984.1060300%40stratosec.co%3E"
},
{
"source": "af854a3a-2127-422b-91ae-364da2661108",
"url": "http://osvdb.org/92748"
},
{
"source": "af854a3a-2127-422b-91ae-364da2661108",
"url": "http://secunia.com/advisories/53175"
},
{
"source": "af854a3a-2127-422b-91ae-364da2661108",
"url": "http://secunia.com/advisories/53204"
},
{
"source": "af854a3a-2127-422b-91ae-364da2661108",
"tags": [
"Patch",
"Vendor Advisory"
],
"url": "http://support.citrix.com/article/CTX135815"
},
{
"source": "af854a3a-2127-422b-91ae-364da2661108",
"url": "http://www.securityfocus.com/bid/59463"
},
{
"source": "af854a3a-2127-422b-91ae-364da2661108",
"url": "http://www.securitytracker.com/id/1028473"
},
{
"source": "af854a3a-2127-422b-91ae-364da2661108",
"url": "https://exchange.xforce.ibmcloud.com/vulnerabilities/83781"
}
],
"sourceIdentifier": "cve@mitre.org",
"vulnStatus": "Deferred",
"weaknesses": [
{
"description": [
{
"lang": "en",
"value": "CWE-287"
}
],
"source": "nvd@nist.gov",
"type": "Primary"
}
]
}
Vulnerability from fkie_nvd
Published
2024-08-07 08:16
Modified
2025-03-14 16:15
Severity ?
4.3 (Medium) - CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:L/I:N/A:N
4.3 (Medium) - CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:L/I:N/A:N
4.3 (Medium) - CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:L/I:N/A:N
Summary
In Apache CloudStack 4.19.1.0, a regression in the network listing API allows unauthorised list access of network details for domain admin and normal user accounts. This vulnerability compromises tenant isolation, potentially leading to unauthorised access to network details, configurations and data.
Affected users are advised to upgrade to version 4.19.1.1 to address this issue. Users on older versions of CloudStack considering to upgrade, can skip 4.19.1.0 and upgrade directly to 4.19.1.1.
References
| ▼ | URL | Tags | |
|---|---|---|---|
| security@apache.org | https://cloudstack.apache.org/blog/security-release-advisory-4.19.1.1-4.18.2.3 | Vendor Advisory | |
| security@apache.org | https://github.com/apache/cloudstack/issues/9456 | Exploit, Issue Tracking, Third Party Advisory | |
| security@apache.org | https://lists.apache.org/thread/lxqtfd6407prbw3801hb4fz3ot3t8wlj | Mailing List, Vendor Advisory | |
| security@apache.org | https://www.shapeblue.com/shapeblue-security-advisory-apache-cloudstack-security-releases-4-18-2-3-and-4-19-1-1/ | Third Party Advisory | |
| af854a3a-2127-422b-91ae-364da2661108 | http://www.openwall.com/lists/oss-security/2024/08/06/6 |
Impacted products
| Vendor | Product | Version | |
|---|---|---|---|
| apache | cloudstack | 4.19.1.0 |
{
"configurations": [
{
"nodes": [
{
"cpeMatch": [
{
"criteria": "cpe:2.3:a:apache:cloudstack:4.19.1.0:*:*:*:*:*:*:*",
"matchCriteriaId": "F28C1387-130B-4479-BE47-3CEBC3E92C5B",
"vulnerable": true
}
],
"negate": false,
"operator": "OR"
}
]
}
],
"cveTags": [],
"descriptions": [
{
"lang": "en",
"value": "In Apache CloudStack 4.19.1.0, a regression in the network listing API allows unauthorised list access of network details for domain admin and normal user accounts. This vulnerability compromises tenant isolation, potentially leading to unauthorised access to network details, configurations and data.\n\nAffected users are advised to upgrade to version 4.19.1.1 to address this issue. Users on older versions of CloudStack considering to upgrade, can skip 4.19.1.0 and upgrade directly to 4.19.1.1."
},
{
"lang": "es",
"value": "En Apache CloudStack 4.19.1.0, una regresi\u00f3n en la API de listado de redes permite el acceso no autorizado a la lista de detalles de la red para el administrador del dominio y las cuentas de usuario normales. Esta vulnerabilidad compromete el aislamiento de los inquilinos, lo que podr\u00eda provocar un acceso no autorizado a los detalles, las configuraciones y los datos de la red. Se recomienda a los usuarios afectados que actualicen a la versi\u00f3n 4.19.1.1 para solucionar este problema. Los usuarios de versiones anteriores de CloudStack que est\u00e9n considerando actualizar, pueden omitir 4.19.1.0 y actualizar directamente a 4.19.1.1."
}
],
"id": "CVE-2024-42222",
"lastModified": "2025-03-14T16:15:34.940",
"metrics": {
"cvssMetricV31": [
{
"cvssData": {
"attackComplexity": "LOW",
"attackVector": "NETWORK",
"availabilityImpact": "NONE",
"baseScore": 4.3,
"baseSeverity": "MEDIUM",
"confidentialityImpact": "LOW",
"integrityImpact": "NONE",
"privilegesRequired": "LOW",
"scope": "UNCHANGED",
"userInteraction": "NONE",
"vectorString": "CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:L/I:N/A:N",
"version": "3.1"
},
"exploitabilityScore": 2.8,
"impactScore": 1.4,
"source": "nvd@nist.gov",
"type": "Primary"
},
{
"cvssData": {
"attackComplexity": "LOW",
"attackVector": "NETWORK",
"availabilityImpact": "NONE",
"baseScore": 4.3,
"baseSeverity": "MEDIUM",
"confidentialityImpact": "LOW",
"integrityImpact": "NONE",
"privilegesRequired": "LOW",
"scope": "UNCHANGED",
"userInteraction": "NONE",
"vectorString": "CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:L/I:N/A:N",
"version": "3.1"
},
"exploitabilityScore": 2.8,
"impactScore": 1.4,
"source": "134c704f-9b21-4f2e-91b3-4a467353bcc0",
"type": "Secondary"
}
]
},
"published": "2024-08-07T08:16:12.473",
"references": [
{
"source": "security@apache.org",
"tags": [
"Vendor Advisory"
],
"url": "https://cloudstack.apache.org/blog/security-release-advisory-4.19.1.1-4.18.2.3"
},
{
"source": "security@apache.org",
"tags": [
"Exploit",
"Issue Tracking",
"Third Party Advisory"
],
"url": "https://github.com/apache/cloudstack/issues/9456"
},
{
"source": "security@apache.org",
"tags": [
"Mailing List",
"Vendor Advisory"
],
"url": "https://lists.apache.org/thread/lxqtfd6407prbw3801hb4fz3ot3t8wlj"
},
{
"source": "security@apache.org",
"tags": [
"Third Party Advisory"
],
"url": "https://www.shapeblue.com/shapeblue-security-advisory-apache-cloudstack-security-releases-4-18-2-3-and-4-19-1-1/"
},
{
"source": "af854a3a-2127-422b-91ae-364da2661108",
"url": "http://www.openwall.com/lists/oss-security/2024/08/06/6"
}
],
"sourceIdentifier": "security@apache.org",
"vulnStatus": "Modified",
"weaknesses": [
{
"description": [
{
"lang": "en",
"value": "CWE-200"
}
],
"source": "security@apache.org",
"type": "Secondary"
},
{
"description": [
{
"lang": "en",
"value": "NVD-CWE-noinfo"
}
],
"source": "nvd@nist.gov",
"type": "Primary"
}
]
}
Vulnerability from fkie_nvd
Published
2014-05-23 14:55
Modified
2025-04-12 10:46
Severity ?
Summary
Apache CloudStack 4.0.0 before 4.0.2 and Citrix CloudPlatform (formerly Citrix CloudStack) 3.0.x before 3.0.6 Patch C uses a hash of a predictable sequence, which makes it easier for remote attackers to guess the console access URL via a brute force attack.
References
Impacted products
| Vendor | Product | Version | |
|---|---|---|---|
| apache | cloudstack | 4.0.0 | |
| apache | cloudstack | 4.0.1 | |
| apache | cloudstack | 4.0.2 | |
| citrix | cloudplatform | 3.0 | |
| citrix | cloudplatform | 3.0.3 | |
| citrix | cloudplatform | 3.0.4 | |
| citrix | cloudplatform | 3.0.5 | |
| citrix | cloudplatform | 3.0.6 |
{
"configurations": [
{
"nodes": [
{
"cpeMatch": [
{
"criteria": "cpe:2.3:a:apache:cloudstack:4.0.0:incubating:*:*:*:*:*:*",
"matchCriteriaId": "EA46B1B9-FCD7-4F3D-88E6-95B1A5A0497C",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:apache:cloudstack:4.0.1:*:*:*:*:*:*:*",
"matchCriteriaId": "C96C7798-F716-44DA-A57F-3103E001236B",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:apache:cloudstack:4.0.2:*:*:*:*:*:*:*",
"matchCriteriaId": "737C672C-D820-41B9-88E3-97DC113D9290",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:citrix:cloudplatform:3.0:*:*:*:*:*:*:*",
"matchCriteriaId": "F0DE26F1-B341-4A50-BF9A-42488250D319",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:citrix:cloudplatform:3.0.3:*:*:*:*:*:*:*",
"matchCriteriaId": "91ED0724-C941-49CC-B96F-207FA4425CF9",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:citrix:cloudplatform:3.0.4:*:*:*:*:*:*:*",
"matchCriteriaId": "969E1C34-D7A0-4B0C-B83C-146C73439EFA",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:citrix:cloudplatform:3.0.5:*:*:*:*:*:*:*",
"matchCriteriaId": "1849E592-502C-43D3-834A-298DEFA9646C",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:citrix:cloudplatform:3.0.6:*:*:*:*:*:*:*",
"matchCriteriaId": "23469BDA-56CE-4F88-BC32-6F2AC8D60703",
"vulnerable": true
}
],
"negate": false,
"operator": "OR"
}
]
}
],
"cveTags": [],
"descriptions": [
{
"lang": "en",
"value": "Apache CloudStack 4.0.0 before 4.0.2 and Citrix CloudPlatform (formerly Citrix CloudStack) 3.0.x before 3.0.6 Patch C uses a hash of a predictable sequence, which makes it easier for remote attackers to guess the console access URL via a brute force attack."
},
{
"lang": "es",
"value": "Apache CloudStack 4.0.0 anterior a 4.0.2 y Citrix CloudPlatform (anteriormente Citrix CloudStack) 3.0.x anterior a 3.0.6 Patch C utiliza un hash de una secuencia previsible, lo que facilita a atacantes remotos adivinar la URL de acceso de consola a trav\u00e9s de un ataque de fuerza bruta."
}
],
"id": "CVE-2013-2758",
"lastModified": "2025-04-12T10:46:40.837",
"metrics": {
"cvssMetricV2": [
{
"acInsufInfo": false,
"baseSeverity": "MEDIUM",
"cvssData": {
"accessComplexity": "LOW",
"accessVector": "NETWORK",
"authentication": "NONE",
"availabilityImpact": "NONE",
"baseScore": 5.0,
"confidentialityImpact": "NONE",
"integrityImpact": "PARTIAL",
"vectorString": "AV:N/AC:L/Au:N/C:N/I:P/A:N",
"version": "2.0"
},
"exploitabilityScore": 10.0,
"impactScore": 2.9,
"obtainAllPrivilege": false,
"obtainOtherPrivilege": false,
"obtainUserPrivilege": false,
"source": "nvd@nist.gov",
"type": "Primary",
"userInteractionRequired": false
}
]
},
"published": "2014-05-23T14:55:11.023",
"references": [
{
"source": "cve@mitre.org",
"url": "http://mail-archives.apache.org/mod_mbox/cloudstack-dev/201304.mbox/%3C51786984.1060300%40stratosec.co%3E"
},
{
"source": "cve@mitre.org",
"url": "http://osvdb.org/92749"
},
{
"source": "cve@mitre.org",
"url": "http://secunia.com/advisories/53175"
},
{
"source": "cve@mitre.org",
"url": "http://secunia.com/advisories/53204"
},
{
"source": "cve@mitre.org",
"tags": [
"Patch",
"Vendor Advisory"
],
"url": "http://support.citrix.com/article/CTX135815"
},
{
"source": "cve@mitre.org",
"url": "http://www.securityfocus.com/bid/59464"
},
{
"source": "cve@mitre.org",
"url": "http://www.securitytracker.com/id/1028473"
},
{
"source": "cve@mitre.org",
"url": "https://exchange.xforce.ibmcloud.com/vulnerabilities/83782"
},
{
"source": "af854a3a-2127-422b-91ae-364da2661108",
"url": "http://mail-archives.apache.org/mod_mbox/cloudstack-dev/201304.mbox/%3C51786984.1060300%40stratosec.co%3E"
},
{
"source": "af854a3a-2127-422b-91ae-364da2661108",
"url": "http://osvdb.org/92749"
},
{
"source": "af854a3a-2127-422b-91ae-364da2661108",
"url": "http://secunia.com/advisories/53175"
},
{
"source": "af854a3a-2127-422b-91ae-364da2661108",
"url": "http://secunia.com/advisories/53204"
},
{
"source": "af854a3a-2127-422b-91ae-364da2661108",
"tags": [
"Patch",
"Vendor Advisory"
],
"url": "http://support.citrix.com/article/CTX135815"
},
{
"source": "af854a3a-2127-422b-91ae-364da2661108",
"url": "http://www.securityfocus.com/bid/59464"
},
{
"source": "af854a3a-2127-422b-91ae-364da2661108",
"url": "http://www.securitytracker.com/id/1028473"
},
{
"source": "af854a3a-2127-422b-91ae-364da2661108",
"url": "https://exchange.xforce.ibmcloud.com/vulnerabilities/83782"
}
],
"sourceIdentifier": "cve@mitre.org",
"vulnStatus": "Deferred",
"weaknesses": [
{
"description": [
{
"lang": "en",
"value": "CWE-310"
}
],
"source": "nvd@nist.gov",
"type": "Primary"
}
]
}
Vulnerability from fkie_nvd
Published
2025-06-11 00:15
Modified
2025-07-01 20:14
Severity ?
Summary
In Apache CloudStack, a flaw in access control affects the listTemplates and listIsos APIs. A malicious Domain Admin or Resource Admin can exploit this issue by intentionally specifying the 'domainid' parameter along with the 'filter=self' or 'filter=selfexecutable' values. This allows the attacker to gain unauthorized visibility into templates and ISOs under the ROOT domain.
A malicious admin can enumerate and extract metadata of templates and ISOs that belong to unrelated domains, violating isolation boundaries and potentially exposing sensitive or internal configuration details.
This vulnerability has been fixed by ensuring the domain resolution strictly adheres to the caller's scope rather than defaulting to the ROOT domain.
Affected users are recommended to upgrade to Apache CloudStack 4.19.3.0 or 4.20.1.0.
References
Impacted products
| Vendor | Product | Version | |
|---|---|---|---|
| apache | cloudstack | * | |
| apache | cloudstack | * |
{
"configurations": [
{
"nodes": [
{
"cpeMatch": [
{
"criteria": "cpe:2.3:a:apache:cloudstack:*:*:*:*:*:*:*:*",
"matchCriteriaId": "3E2CBB12-83B5-41E9-9C38-5C36008CC567",
"versionEndExcluding": "4.19.3.0",
"versionStartIncluding": "4.0.0",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:apache:cloudstack:*:*:*:*:*:*:*:*",
"matchCriteriaId": "67E1FECD-94E6-4B2A-A52D-47D7FC8C9B10",
"versionEndExcluding": "4.20.1.0",
"versionStartIncluding": "4.20.0.0",
"vulnerable": true
}
],
"negate": false,
"operator": "OR"
}
]
}
],
"cveTags": [],
"descriptions": [
{
"lang": "en",
"value": "In Apache CloudStack, a flaw in access control affects the listTemplates and listIsos APIs. A malicious Domain Admin or Resource Admin can exploit this issue by intentionally specifying the \u0027domainid\u0027 parameter along with the \u0027filter=self\u0027 or \u0027filter=selfexecutable\u0027 values. This allows the attacker to gain unauthorized visibility into templates and ISOs under the ROOT domain.\n\nA malicious admin can enumerate and extract metadata of templates and ISOs that belong to unrelated domains, violating isolation boundaries and potentially exposing sensitive or internal configuration details.\u00a0\n\nThis vulnerability has been fixed by ensuring the domain resolution strictly adheres to the caller\u0027s scope rather than defaulting to the ROOT domain.\n\n\n\n\nAffected users are recommended to upgrade to Apache CloudStack 4.19.3.0 or 4.20.1.0."
},
{
"lang": "es",
"value": "En Apache CloudStack, una falla en el control de acceso afecta a las API listTemplates y listIsos. Un administrador de dominio o de recursos malintencionado puede explotar este problema especificando intencionadamente el par\u00e1metro \"domainid\" junto con los valores \"filter=self\" o \"filter=selfexecutable\". Esto permite al atacante obtener acceso no autorizado a plantillas e ISOs del dominio ROOT. Un administrador malintencionado puede enumerar y extraer metadatos de plantillas e ISOs pertenecientes a dominios no relacionados, violando los l\u00edmites de aislamiento y exponiendo potencialmente detalles confidenciales o de configuraci\u00f3n interna. Esta vulnerabilidad se ha corregido garantizando que la resoluci\u00f3n del dominio se ajuste estrictamente al alcance del llamante, en lugar de usar el dominio ROOT por defecto. Se recomienda a los usuarios afectados actualizar a Apache CloudStack 4.19.3.0 o 4.20.1.0."
}
],
"id": "CVE-2025-30675",
"lastModified": "2025-07-01T20:14:05.047",
"metrics": {
"cvssMetricV31": [
{
"cvssData": {
"attackComplexity": "LOW",
"attackVector": "NETWORK",
"availabilityImpact": "LOW",
"baseScore": 4.7,
"baseSeverity": "MEDIUM",
"confidentialityImpact": "LOW",
"integrityImpact": "LOW",
"privilegesRequired": "HIGH",
"scope": "UNCHANGED",
"userInteraction": "NONE",
"vectorString": "CVSS:3.1/AV:N/AC:L/PR:H/UI:N/S:U/C:L/I:L/A:L",
"version": "3.1"
},
"exploitabilityScore": 1.2,
"impactScore": 3.4,
"source": "security@apache.org",
"type": "Secondary"
}
]
},
"published": "2025-06-11T00:15:24.730",
"references": [
{
"source": "security@apache.org",
"tags": [
"Vendor Advisory"
],
"url": "https://cloudstack.apache.org/blog/cve-advisories-4.19.3.0-4.20.1.0/"
},
{
"source": "security@apache.org",
"tags": [
"Mailing List",
"Vendor Advisory"
],
"url": "https://lists.apache.org/thread/y3qnwn59t8qggtdohv7k7vw39bgb3d60"
},
{
"source": "security@apache.org",
"tags": [
"Broken Link"
],
"url": "https://www.shapeblue.com/shapeblue-security-advisory-apache-cloudstack-security-releases-4-19-3-0-and-4-20-1-0/"
}
],
"sourceIdentifier": "security@apache.org",
"vulnStatus": "Analyzed",
"weaknesses": [
{
"description": [
{
"lang": "en",
"value": "CWE-200"
}
],
"source": "security@apache.org",
"type": "Primary"
}
]
}
Vulnerability from fkie_nvd
Published
2024-07-19 11:15
Modified
2025-03-19 19:15
Severity ?
8.1 (High) - CVSS:3.1/AV:N/AC:H/PR:N/UI:N/S:U/C:H/I:H/A:H
8.1 (High) - CVSS:3.1/AV:N/AC:H/PR:N/UI:N/S:U/C:H/I:H/A:H
8.1 (High) - CVSS:3.1/AV:N/AC:H/PR:N/UI:N/S:U/C:H/I:H/A:H
Summary
The CloudStack SAML authentication (disabled by default) does not enforce signature check. In CloudStack environments where SAML authentication is enabled, an attacker that initiates CloudStack SAML single sign-on authentication can bypass SAML authentication by submitting a spoofed SAML response with no signature and known or guessed username and other user details of a SAML-enabled CloudStack user-account. In such environments, this can result in a complete compromise of the resources owned and/or accessible by a SAML enabled user-account.
Affected users are recommended to disable the SAML authentication plugin by setting the "saml2.enabled" global setting to "false", or upgrade to version 4.18.2.2, 4.19.1.0 or later, which addresses this issue.
References
Impacted products
| Vendor | Product | Version | |
|---|---|---|---|
| apache | cloudstack | * | |
| apache | cloudstack | * |
{
"configurations": [
{
"nodes": [
{
"cpeMatch": [
{
"criteria": "cpe:2.3:a:apache:cloudstack:*:*:*:*:*:*:*:*",
"matchCriteriaId": "36C67E7A-D4BB-4387-B6E3-BBD3664BAC4F",
"versionEndExcluding": "4.18.2.2",
"versionStartIncluding": "4.5.0",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:apache:cloudstack:*:*:*:*:*:*:*:*",
"matchCriteriaId": "3754C895-06B3-4750-B59E-AB9902E0BD73",
"versionEndExcluding": "4.19.1.0",
"versionStartIncluding": "4.19.0.0",
"vulnerable": true
}
],
"negate": false,
"operator": "OR"
}
]
}
],
"cveTags": [],
"descriptions": [
{
"lang": "en",
"value": "The CloudStack SAML authentication (disabled by default) does not enforce signature check. In CloudStack environments where SAML authentication is enabled, an attacker that initiates CloudStack SAML single sign-on authentication can bypass SAML authentication by submitting a spoofed SAML response with no signature and known or guessed username and other user details of a SAML-enabled CloudStack user-account.\u00a0In such environments, this can result in a complete compromise of the resources owned and/or accessible by a SAML enabled user-account.\n\nAffected users are recommended to disable the SAML authentication plugin by setting the\u00a0\"saml2.enabled\" global setting to \"false\", or upgrade to version 4.18.2.2, 4.19.1.0 or later, which addresses this issue."
},
{
"lang": "es",
"value": "La autenticaci\u00f3n SAML de CloudStack (deshabilitada de forma predeterminada) no exige la verificaci\u00f3n de firmas. En entornos de CloudStack donde la autenticaci\u00f3n SAML est\u00e1 habilitada, un atacante que inicia la autenticaci\u00f3n de inicio de sesi\u00f3n \u00fanico SAML de CloudStack puede omitir la autenticaci\u00f3n SAML enviando una respuesta SAML falsificada sin firma y con un nombre de usuario conocido o adivinado y otros detalles de usuario de un usuario de CloudStack habilitado para SAML. cuenta. En tales entornos, esto puede resultar en un compromiso total de los recursos que posee y/o a los que puede acceder una cuenta de usuario habilitada para SAML. Se recomienda a los usuarios afectados que deshabiliten el complemento de autenticaci\u00f3n SAML configurando \"saml2.enabled\" en configuraci\u00f3n global en \"false\" o actualicen a la versi\u00f3n 4.18.2.2, 4.19.1.0 o posterior, que soluciona este problema."
}
],
"id": "CVE-2024-41107",
"lastModified": "2025-03-19T19:15:41.073",
"metrics": {
"cvssMetricV31": [
{
"cvssData": {
"attackComplexity": "HIGH",
"attackVector": "NETWORK",
"availabilityImpact": "HIGH",
"baseScore": 8.1,
"baseSeverity": "HIGH",
"confidentialityImpact": "HIGH",
"integrityImpact": "HIGH",
"privilegesRequired": "NONE",
"scope": "UNCHANGED",
"userInteraction": "NONE",
"vectorString": "CVSS:3.1/AV:N/AC:H/PR:N/UI:N/S:U/C:H/I:H/A:H",
"version": "3.1"
},
"exploitabilityScore": 2.2,
"impactScore": 5.9,
"source": "nvd@nist.gov",
"type": "Primary"
},
{
"cvssData": {
"attackComplexity": "HIGH",
"attackVector": "NETWORK",
"availabilityImpact": "HIGH",
"baseScore": 8.1,
"baseSeverity": "HIGH",
"confidentialityImpact": "HIGH",
"integrityImpact": "HIGH",
"privilegesRequired": "NONE",
"scope": "UNCHANGED",
"userInteraction": "NONE",
"vectorString": "CVSS:3.1/AV:N/AC:H/PR:N/UI:N/S:U/C:H/I:H/A:H",
"version": "3.1"
},
"exploitabilityScore": 2.2,
"impactScore": 5.9,
"source": "134c704f-9b21-4f2e-91b3-4a467353bcc0",
"type": "Secondary"
}
]
},
"published": "2024-07-19T11:15:03.323",
"references": [
{
"source": "security@apache.org",
"tags": [
"Mailing List",
"Third Party Advisory"
],
"url": "http://www.openwall.com/lists/oss-security/2024/07/19/1"
},
{
"source": "security@apache.org",
"tags": [
"Mailing List",
"Third Party Advisory"
],
"url": "http://www.openwall.com/lists/oss-security/2024/07/19/2"
},
{
"source": "security@apache.org",
"tags": [
"Mitigation",
"Vendor Advisory"
],
"url": "https://cloudstack.apache.org/blog/security-release-advisory-cve-2024-41107"
},
{
"source": "security@apache.org",
"tags": [
"Issue Tracking"
],
"url": "https://github.com/apache/cloudstack/issues/4519"
},
{
"source": "security@apache.org",
"tags": [
"Mailing List",
"Vendor Advisory"
],
"url": "https://lists.apache.org/thread/5q06g8zvmhcw6w3tjr6r5prqdw6zckg3"
},
{
"source": "security@apache.org",
"tags": [
"Third Party Advisory"
],
"url": "https://www.shapeblue.com/shapeblue-security-advisory-apache-cloudstack-cve-2024-41107"
},
{
"source": "af854a3a-2127-422b-91ae-364da2661108",
"tags": [
"Mailing List",
"Third Party Advisory"
],
"url": "http://www.openwall.com/lists/oss-security/2024/07/19/1"
},
{
"source": "af854a3a-2127-422b-91ae-364da2661108",
"tags": [
"Mailing List",
"Third Party Advisory"
],
"url": "http://www.openwall.com/lists/oss-security/2024/07/19/2"
},
{
"source": "af854a3a-2127-422b-91ae-364da2661108",
"tags": [
"Mitigation",
"Vendor Advisory"
],
"url": "https://cloudstack.apache.org/blog/security-release-advisory-cve-2024-41107"
},
{
"source": "af854a3a-2127-422b-91ae-364da2661108",
"tags": [
"Issue Tracking"
],
"url": "https://github.com/apache/cloudstack/issues/4519"
},
{
"source": "af854a3a-2127-422b-91ae-364da2661108",
"tags": [
"Mailing List",
"Vendor Advisory"
],
"url": "https://lists.apache.org/thread/5q06g8zvmhcw6w3tjr6r5prqdw6zckg3"
},
{
"source": "af854a3a-2127-422b-91ae-364da2661108",
"tags": [
"Third Party Advisory"
],
"url": "https://www.shapeblue.com/shapeblue-security-advisory-apache-cloudstack-cve-2024-41107"
}
],
"sourceIdentifier": "security@apache.org",
"vulnStatus": "Modified",
"weaknesses": [
{
"description": [
{
"lang": "en",
"value": "CWE-290"
}
],
"source": "security@apache.org",
"type": "Primary"
}
]
}
Vulnerability from fkie_nvd
Published
2024-10-16 08:15
Modified
2024-11-21 09:37
Severity ?
8.0 (High) - CVSS:3.1/AV:N/AC:H/PR:N/UI:R/S:C/C:H/I:H/A:N
8.8 (High) - CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:H
8.8 (High) - CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:H
Summary
Users logged into the Apache CloudStack's web interface can be tricked to submit malicious CSRF requests due to missing validation of the origin of the requests. This can allow an attacker to gain privileges and access to resources of the authenticated users and may lead to account takeover, disruption, exposure of sensitive data and compromise integrity of the resources owned by the user account that are managed by the platform.
This issue affects Apache CloudStack from 4.15.1.0 through 4.18.2.3 and 4.19.0.0 through 4.19.1.1
Users are recommended to upgrade to Apache CloudStack 4.18.2.4 or 4.19.1.2, or later, which addresses this issue.
References
Impacted products
| Vendor | Product | Version | |
|---|---|---|---|
| apache | cloudstack | * | |
| apache | cloudstack | * |
{
"configurations": [
{
"nodes": [
{
"cpeMatch": [
{
"criteria": "cpe:2.3:a:apache:cloudstack:*:*:*:*:*:*:*:*",
"matchCriteriaId": "174E314B-9CD8-445B-AE96-A9AC4D5D8B80",
"versionEndExcluding": "4.18.2.4",
"versionStartIncluding": "4.15.1.0",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:apache:cloudstack:*:*:*:*:*:*:*:*",
"matchCriteriaId": "6B851F50-43E1-4DD1-989E-94676D12EC33",
"versionEndExcluding": "4.19.1.2",
"versionStartIncluding": "4.19.0.0",
"vulnerable": true
}
],
"negate": false,
"operator": "OR"
}
]
}
],
"cveTags": [],
"descriptions": [
{
"lang": "en",
"value": "Users logged into the Apache CloudStack\u0027s web interface can be tricked to submit malicious CSRF requests due to missing validation of the origin of the requests. This can allow an attacker to gain privileges and access to resources of the authenticated users and may lead\u00a0to account takeover,\u00a0disruption, exposure of sensitive data and compromise integrity of the resources owned by the user account that are managed by the platform.\n\nThis issue affects Apache CloudStack from 4.15.1.0 through 4.18.2.3 and 4.19.0.0 through 4.19.1.1\n\n\n\nUsers are recommended to upgrade to Apache CloudStack 4.18.2.4 or 4.19.1.2, or later, which addresses this issue."
},
{
"lang": "es",
"value": "Los usuarios que hayan iniciado sesi\u00f3n en la interfaz web de Apache CloudStack pueden ser enga\u00f1ados para que env\u00eden solicitudes CSRF maliciosas debido a la falta de validaci\u00f3n del origen de las solicitudes. Esto puede permitir que un atacante obtenga privilegios y acceso a los recursos de los usuarios autenticados y puede provocar la apropiaci\u00f3n de cuentas, interrupciones, exposici\u00f3n de datos confidenciales y comprometer la integridad de los recursos propiedad de la cuenta de usuario que son administrados por la plataforma. Este problema afecta a Apache CloudStack desde la versi\u00f3n 4.15.1.0 hasta la 4.18.2.3 y desde la versi\u00f3n 4.19.0.0 hasta la 4.19.1.1. Se recomienda a los usuarios que actualicen a Apache CloudStack 4.18.2.4 o 4.19.1.2, o posterior, que soluciona este problema."
}
],
"id": "CVE-2024-45693",
"lastModified": "2024-11-21T09:37:59.820",
"metrics": {
"cvssMetricV31": [
{
"cvssData": {
"attackComplexity": "HIGH",
"attackVector": "NETWORK",
"availabilityImpact": "NONE",
"baseScore": 8.0,
"baseSeverity": "HIGH",
"confidentialityImpact": "HIGH",
"integrityImpact": "HIGH",
"privilegesRequired": "NONE",
"scope": "CHANGED",
"userInteraction": "REQUIRED",
"vectorString": "CVSS:3.1/AV:N/AC:H/PR:N/UI:R/S:C/C:H/I:H/A:N",
"version": "3.1"
},
"exploitabilityScore": 1.6,
"impactScore": 5.8,
"source": "security@apache.org",
"type": "Secondary"
},
{
"cvssData": {
"attackComplexity": "LOW",
"attackVector": "NETWORK",
"availabilityImpact": "HIGH",
"baseScore": 8.8,
"baseSeverity": "HIGH",
"confidentialityImpact": "HIGH",
"integrityImpact": "HIGH",
"privilegesRequired": "NONE",
"scope": "UNCHANGED",
"userInteraction": "REQUIRED",
"vectorString": "CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:H",
"version": "3.1"
},
"exploitabilityScore": 2.8,
"impactScore": 5.9,
"source": "nvd@nist.gov",
"type": "Primary"
}
]
},
"published": "2024-10-16T08:15:06.160",
"references": [
{
"source": "security@apache.org",
"tags": [
"Vendor Advisory"
],
"url": "https://cloudstack.apache.org/blog/security-release-advisory-4.18.2.4-4.19.1.2"
},
{
"source": "security@apache.org",
"tags": [
"Vendor Advisory"
],
"url": "https://cloudstack.apache.org/blog/security-release-advisory-4.18.2.4-4.19.1.2"
},
{
"source": "security@apache.org",
"tags": [
"Vendor Advisory"
],
"url": "https://cloudstack.apache.org/blog/security-release-advisory-4.18.2.4-4.19.1.2"
},
{
"source": "security@apache.org",
"tags": [
"Vendor Advisory"
],
"url": "https://cloudstack.apache.org/blog/security-release-advisory-4.18.2.4-4.19.1.2"
},
{
"source": "security@apache.org",
"tags": [
"Vendor Advisory"
],
"url": "https://lists.apache.org/thread/ktsfjcnj22x4kg49ctock3d9tq7jnvlo"
},
{
"source": "af854a3a-2127-422b-91ae-364da2661108",
"url": "http://www.openwall.com/lists/oss-security/2024/10/15/5"
}
],
"sourceIdentifier": "security@apache.org",
"vulnStatus": "Modified",
"weaknesses": [
{
"description": [
{
"lang": "en",
"value": "CWE-352"
}
],
"source": "security@apache.org",
"type": "Primary"
}
]
}
CVE-2013-6398 (GCVE-0-2013-6398)
Vulnerability from cvelistv5
Published
2014-01-14 18:00
Modified
2024-08-06 17:39
Severity ?
VLAI Severity ?
EPSS score ?
CWE
- n/a
Summary
The virtual router in Apache CloudStack before 4.2.1 does not preserve the source restrictions in firewall rules after being restarted, which allows remote attackers to bypass intended restrictions via a request.
References
| ▼ | URL | Tags |
|---|---|---|
| http://secunia.com/advisories/60284 | third-party-advisory, x_refsource_SECUNIA | |
| http://secunia.com/advisories/55960 | third-party-advisory, x_refsource_SECUNIA | |
| https://issues.apache.org/jira/browse/CLOUDSTACK-5263 | x_refsource_CONFIRM | |
| https://blogs.apache.org/cloudstack/entry/cve_2013_6398_cloudstack_virtual | x_refsource_CONFIRM | |
| http://www.securityfocus.com/bid/69432 | vdb-entry, x_refsource_BID | |
| http://www.securitytracker.com/id/1030762 | vdb-entry, x_refsource_SECTRACK | |
| http://support.citrix.com/article/CTX140989 | x_refsource_CONFIRM |
{
"containers": {
"adp": [
{
"providerMetadata": {
"dateUpdated": "2024-08-06T17:39:01.164Z",
"orgId": "af854a3a-2127-422b-91ae-364da2661108",
"shortName": "CVE"
},
"references": [
{
"name": "60284",
"tags": [
"third-party-advisory",
"x_refsource_SECUNIA",
"x_transferred"
],
"url": "http://secunia.com/advisories/60284"
},
{
"name": "55960",
"tags": [
"third-party-advisory",
"x_refsource_SECUNIA",
"x_transferred"
],
"url": "http://secunia.com/advisories/55960"
},
{
"tags": [
"x_refsource_CONFIRM",
"x_transferred"
],
"url": "https://issues.apache.org/jira/browse/CLOUDSTACK-5263"
},
{
"tags": [
"x_refsource_CONFIRM",
"x_transferred"
],
"url": "https://blogs.apache.org/cloudstack/entry/cve_2013_6398_cloudstack_virtual"
},
{
"name": "69432",
"tags": [
"vdb-entry",
"x_refsource_BID",
"x_transferred"
],
"url": "http://www.securityfocus.com/bid/69432"
},
{
"name": "1030762",
"tags": [
"vdb-entry",
"x_refsource_SECTRACK",
"x_transferred"
],
"url": "http://www.securitytracker.com/id/1030762"
},
{
"tags": [
"x_refsource_CONFIRM",
"x_transferred"
],
"url": "http://support.citrix.com/article/CTX140989"
}
],
"title": "CVE Program Container"
}
],
"cna": {
"affected": [
{
"product": "n/a",
"vendor": "n/a",
"versions": [
{
"status": "affected",
"version": "n/a"
}
]
}
],
"datePublic": "2014-01-13T00:00:00",
"descriptions": [
{
"lang": "en",
"value": "The virtual router in Apache CloudStack before 4.2.1 does not preserve the source restrictions in firewall rules after being restarted, which allows remote attackers to bypass intended restrictions via a request."
}
],
"problemTypes": [
{
"descriptions": [
{
"description": "n/a",
"lang": "en",
"type": "text"
}
]
}
],
"providerMetadata": {
"dateUpdated": "2014-08-29T19:57:00",
"orgId": "53f830b8-0a3f-465b-8143-3b8a9948e749",
"shortName": "redhat"
},
"references": [
{
"name": "60284",
"tags": [
"third-party-advisory",
"x_refsource_SECUNIA"
],
"url": "http://secunia.com/advisories/60284"
},
{
"name": "55960",
"tags": [
"third-party-advisory",
"x_refsource_SECUNIA"
],
"url": "http://secunia.com/advisories/55960"
},
{
"tags": [
"x_refsource_CONFIRM"
],
"url": "https://issues.apache.org/jira/browse/CLOUDSTACK-5263"
},
{
"tags": [
"x_refsource_CONFIRM"
],
"url": "https://blogs.apache.org/cloudstack/entry/cve_2013_6398_cloudstack_virtual"
},
{
"name": "69432",
"tags": [
"vdb-entry",
"x_refsource_BID"
],
"url": "http://www.securityfocus.com/bid/69432"
},
{
"name": "1030762",
"tags": [
"vdb-entry",
"x_refsource_SECTRACK"
],
"url": "http://www.securitytracker.com/id/1030762"
},
{
"tags": [
"x_refsource_CONFIRM"
],
"url": "http://support.citrix.com/article/CTX140989"
}
],
"x_legacyV4Record": {
"CVE_data_meta": {
"ASSIGNER": "secalert@redhat.com",
"ID": "CVE-2013-6398",
"STATE": "PUBLIC"
},
"affects": {
"vendor": {
"vendor_data": [
{
"product": {
"product_data": [
{
"product_name": "n/a",
"version": {
"version_data": [
{
"version_value": "n/a"
}
]
}
}
]
},
"vendor_name": "n/a"
}
]
}
},
"data_format": "MITRE",
"data_type": "CVE",
"data_version": "4.0",
"description": {
"description_data": [
{
"lang": "eng",
"value": "The virtual router in Apache CloudStack before 4.2.1 does not preserve the source restrictions in firewall rules after being restarted, which allows remote attackers to bypass intended restrictions via a request."
}
]
},
"problemtype": {
"problemtype_data": [
{
"description": [
{
"lang": "eng",
"value": "n/a"
}
]
}
]
},
"references": {
"reference_data": [
{
"name": "60284",
"refsource": "SECUNIA",
"url": "http://secunia.com/advisories/60284"
},
{
"name": "55960",
"refsource": "SECUNIA",
"url": "http://secunia.com/advisories/55960"
},
{
"name": "https://issues.apache.org/jira/browse/CLOUDSTACK-5263",
"refsource": "CONFIRM",
"url": "https://issues.apache.org/jira/browse/CLOUDSTACK-5263"
},
{
"name": "https://blogs.apache.org/cloudstack/entry/cve_2013_6398_cloudstack_virtual",
"refsource": "CONFIRM",
"url": "https://blogs.apache.org/cloudstack/entry/cve_2013_6398_cloudstack_virtual"
},
{
"name": "69432",
"refsource": "BID",
"url": "http://www.securityfocus.com/bid/69432"
},
{
"name": "1030762",
"refsource": "SECTRACK",
"url": "http://www.securitytracker.com/id/1030762"
},
{
"name": "http://support.citrix.com/article/CTX140989",
"refsource": "CONFIRM",
"url": "http://support.citrix.com/article/CTX140989"
}
]
}
}
}
},
"cveMetadata": {
"assignerOrgId": "53f830b8-0a3f-465b-8143-3b8a9948e749",
"assignerShortName": "redhat",
"cveId": "CVE-2013-6398",
"datePublished": "2014-01-14T18:00:00",
"dateReserved": "2013-11-04T00:00:00",
"dateUpdated": "2024-08-06T17:39:01.164Z",
"state": "PUBLISHED"
},
"dataType": "CVE_RECORD",
"dataVersion": "5.1"
}
CVE-2013-2756 (GCVE-0-2013-2756)
Vulnerability from cvelistv5
Published
2014-05-23 14:00
Modified
2024-08-06 15:44
Severity ?
VLAI Severity ?
EPSS score ?
CWE
- n/a
Summary
Apache CloudStack 4.0.0 before 4.0.2 and Citrix CloudPlatform (formerly Citrix CloudStack) 3.0.x before 3.0.6 Patch C allows remote attackers to bypass the console proxy authentication by leveraging knowledge of the source code.
References
| ▼ | URL | Tags |
|---|---|---|
| https://exchange.xforce.ibmcloud.com/vulnerabilities/83781 | vdb-entry, x_refsource_XF | |
| http://support.citrix.com/article/CTX135815 | x_refsource_CONFIRM | |
| http://mail-archives.apache.org/mod_mbox/cloudstack-dev/201304.mbox/%3C51786984.1060300%40stratosec.co%3E | mailing-list, x_refsource_MLIST | |
| http://osvdb.org/92748 | vdb-entry, x_refsource_OSVDB | |
| http://www.securityfocus.com/bid/59463 | vdb-entry, x_refsource_BID | |
| http://www.securitytracker.com/id/1028473 | vdb-entry, x_refsource_SECTRACK | |
| http://secunia.com/advisories/53204 | third-party-advisory, x_refsource_SECUNIA | |
| http://secunia.com/advisories/53175 | third-party-advisory, x_refsource_SECUNIA |
{
"containers": {
"adp": [
{
"providerMetadata": {
"dateUpdated": "2024-08-06T15:44:33.659Z",
"orgId": "af854a3a-2127-422b-91ae-364da2661108",
"shortName": "CVE"
},
"references": [
{
"name": "cloudstack-cve20132756-sec-bypass(83781)",
"tags": [
"vdb-entry",
"x_refsource_XF",
"x_transferred"
],
"url": "https://exchange.xforce.ibmcloud.com/vulnerabilities/83781"
},
{
"tags": [
"x_refsource_CONFIRM",
"x_transferred"
],
"url": "http://support.citrix.com/article/CTX135815"
},
{
"name": "[cloudstack-dev] 20130424 Apache CloudStack Security Advisory: Multiple vulnerabilities in Apache CloudStack",
"tags": [
"mailing-list",
"x_refsource_MLIST",
"x_transferred"
],
"url": "http://mail-archives.apache.org/mod_mbox/cloudstack-dev/201304.mbox/%3C51786984.1060300%40stratosec.co%3E"
},
{
"name": "92748",
"tags": [
"vdb-entry",
"x_refsource_OSVDB",
"x_transferred"
],
"url": "http://osvdb.org/92748"
},
{
"name": "59463",
"tags": [
"vdb-entry",
"x_refsource_BID",
"x_transferred"
],
"url": "http://www.securityfocus.com/bid/59463"
},
{
"name": "1028473",
"tags": [
"vdb-entry",
"x_refsource_SECTRACK",
"x_transferred"
],
"url": "http://www.securitytracker.com/id/1028473"
},
{
"name": "53204",
"tags": [
"third-party-advisory",
"x_refsource_SECUNIA",
"x_transferred"
],
"url": "http://secunia.com/advisories/53204"
},
{
"name": "53175",
"tags": [
"third-party-advisory",
"x_refsource_SECUNIA",
"x_transferred"
],
"url": "http://secunia.com/advisories/53175"
}
],
"title": "CVE Program Container"
}
],
"cna": {
"affected": [
{
"product": "n/a",
"vendor": "n/a",
"versions": [
{
"status": "affected",
"version": "n/a"
}
]
}
],
"datePublic": "2013-04-24T00:00:00",
"descriptions": [
{
"lang": "en",
"value": "Apache CloudStack 4.0.0 before 4.0.2 and Citrix CloudPlatform (formerly Citrix CloudStack) 3.0.x before 3.0.6 Patch C allows remote attackers to bypass the console proxy authentication by leveraging knowledge of the source code."
}
],
"problemTypes": [
{
"descriptions": [
{
"description": "n/a",
"lang": "en",
"type": "text"
}
]
}
],
"providerMetadata": {
"dateUpdated": "2017-08-28T12:57:01",
"orgId": "8254265b-2729-46b6-b9e3-3dfca2d5bfca",
"shortName": "mitre"
},
"references": [
{
"name": "cloudstack-cve20132756-sec-bypass(83781)",
"tags": [
"vdb-entry",
"x_refsource_XF"
],
"url": "https://exchange.xforce.ibmcloud.com/vulnerabilities/83781"
},
{
"tags": [
"x_refsource_CONFIRM"
],
"url": "http://support.citrix.com/article/CTX135815"
},
{
"name": "[cloudstack-dev] 20130424 Apache CloudStack Security Advisory: Multiple vulnerabilities in Apache CloudStack",
"tags": [
"mailing-list",
"x_refsource_MLIST"
],
"url": "http://mail-archives.apache.org/mod_mbox/cloudstack-dev/201304.mbox/%3C51786984.1060300%40stratosec.co%3E"
},
{
"name": "92748",
"tags": [
"vdb-entry",
"x_refsource_OSVDB"
],
"url": "http://osvdb.org/92748"
},
{
"name": "59463",
"tags": [
"vdb-entry",
"x_refsource_BID"
],
"url": "http://www.securityfocus.com/bid/59463"
},
{
"name": "1028473",
"tags": [
"vdb-entry",
"x_refsource_SECTRACK"
],
"url": "http://www.securitytracker.com/id/1028473"
},
{
"name": "53204",
"tags": [
"third-party-advisory",
"x_refsource_SECUNIA"
],
"url": "http://secunia.com/advisories/53204"
},
{
"name": "53175",
"tags": [
"third-party-advisory",
"x_refsource_SECUNIA"
],
"url": "http://secunia.com/advisories/53175"
}
],
"x_legacyV4Record": {
"CVE_data_meta": {
"ASSIGNER": "cve@mitre.org",
"ID": "CVE-2013-2756",
"STATE": "PUBLIC"
},
"affects": {
"vendor": {
"vendor_data": [
{
"product": {
"product_data": [
{
"product_name": "n/a",
"version": {
"version_data": [
{
"version_value": "n/a"
}
]
}
}
]
},
"vendor_name": "n/a"
}
]
}
},
"data_format": "MITRE",
"data_type": "CVE",
"data_version": "4.0",
"description": {
"description_data": [
{
"lang": "eng",
"value": "Apache CloudStack 4.0.0 before 4.0.2 and Citrix CloudPlatform (formerly Citrix CloudStack) 3.0.x before 3.0.6 Patch C allows remote attackers to bypass the console proxy authentication by leveraging knowledge of the source code."
}
]
},
"problemtype": {
"problemtype_data": [
{
"description": [
{
"lang": "eng",
"value": "n/a"
}
]
}
]
},
"references": {
"reference_data": [
{
"name": "cloudstack-cve20132756-sec-bypass(83781)",
"refsource": "XF",
"url": "https://exchange.xforce.ibmcloud.com/vulnerabilities/83781"
},
{
"name": "http://support.citrix.com/article/CTX135815",
"refsource": "CONFIRM",
"url": "http://support.citrix.com/article/CTX135815"
},
{
"name": "[cloudstack-dev] 20130424 Apache CloudStack Security Advisory: Multiple vulnerabilities in Apache CloudStack",
"refsource": "MLIST",
"url": "http://mail-archives.apache.org/mod_mbox/cloudstack-dev/201304.mbox/%3C51786984.1060300@stratosec.co%3E"
},
{
"name": "92748",
"refsource": "OSVDB",
"url": "http://osvdb.org/92748"
},
{
"name": "59463",
"refsource": "BID",
"url": "http://www.securityfocus.com/bid/59463"
},
{
"name": "1028473",
"refsource": "SECTRACK",
"url": "http://www.securitytracker.com/id/1028473"
},
{
"name": "53204",
"refsource": "SECUNIA",
"url": "http://secunia.com/advisories/53204"
},
{
"name": "53175",
"refsource": "SECUNIA",
"url": "http://secunia.com/advisories/53175"
}
]
}
}
}
},
"cveMetadata": {
"assignerOrgId": "8254265b-2729-46b6-b9e3-3dfca2d5bfca",
"assignerShortName": "mitre",
"cveId": "CVE-2013-2756",
"datePublished": "2014-05-23T14:00:00",
"dateReserved": "2013-04-03T00:00:00",
"dateUpdated": "2024-08-06T15:44:33.659Z",
"state": "PUBLISHED"
},
"dataType": "CVE_RECORD",
"dataVersion": "5.1"
}
CVE-2013-2758 (GCVE-0-2013-2758)
Vulnerability from cvelistv5
Published
2014-05-23 14:00
Modified
2024-08-06 15:44
Severity ?
VLAI Severity ?
EPSS score ?
CWE
- n/a
Summary
Apache CloudStack 4.0.0 before 4.0.2 and Citrix CloudPlatform (formerly Citrix CloudStack) 3.0.x before 3.0.6 Patch C uses a hash of a predictable sequence, which makes it easier for remote attackers to guess the console access URL via a brute force attack.
References
| ▼ | URL | Tags |
|---|---|---|
| http://osvdb.org/92749 | vdb-entry, x_refsource_OSVDB | |
| http://support.citrix.com/article/CTX135815 | x_refsource_CONFIRM | |
| http://mail-archives.apache.org/mod_mbox/cloudstack-dev/201304.mbox/%3C51786984.1060300%40stratosec.co%3E | mailing-list, x_refsource_MLIST | |
| http://www.securitytracker.com/id/1028473 | vdb-entry, x_refsource_SECTRACK | |
| https://exchange.xforce.ibmcloud.com/vulnerabilities/83782 | vdb-entry, x_refsource_XF | |
| http://secunia.com/advisories/53204 | third-party-advisory, x_refsource_SECUNIA | |
| http://www.securityfocus.com/bid/59464 | vdb-entry, x_refsource_BID | |
| http://secunia.com/advisories/53175 | third-party-advisory, x_refsource_SECUNIA |
{
"containers": {
"adp": [
{
"providerMetadata": {
"dateUpdated": "2024-08-06T15:44:33.690Z",
"orgId": "af854a3a-2127-422b-91ae-364da2661108",
"shortName": "CVE"
},
"references": [
{
"name": "92749",
"tags": [
"vdb-entry",
"x_refsource_OSVDB",
"x_transferred"
],
"url": "http://osvdb.org/92749"
},
{
"tags": [
"x_refsource_CONFIRM",
"x_transferred"
],
"url": "http://support.citrix.com/article/CTX135815"
},
{
"name": "[cloudstack-dev] 20130424 Apache CloudStack Security Advisory: Multiple vulnerabilities in Apache CloudStack",
"tags": [
"mailing-list",
"x_refsource_MLIST",
"x_transferred"
],
"url": "http://mail-archives.apache.org/mod_mbox/cloudstack-dev/201304.mbox/%3C51786984.1060300%40stratosec.co%3E"
},
{
"name": "1028473",
"tags": [
"vdb-entry",
"x_refsource_SECTRACK",
"x_transferred"
],
"url": "http://www.securitytracker.com/id/1028473"
},
{
"name": "cloudstack-cve20132758-info-disc(83782)",
"tags": [
"vdb-entry",
"x_refsource_XF",
"x_transferred"
],
"url": "https://exchange.xforce.ibmcloud.com/vulnerabilities/83782"
},
{
"name": "53204",
"tags": [
"third-party-advisory",
"x_refsource_SECUNIA",
"x_transferred"
],
"url": "http://secunia.com/advisories/53204"
},
{
"name": "59464",
"tags": [
"vdb-entry",
"x_refsource_BID",
"x_transferred"
],
"url": "http://www.securityfocus.com/bid/59464"
},
{
"name": "53175",
"tags": [
"third-party-advisory",
"x_refsource_SECUNIA",
"x_transferred"
],
"url": "http://secunia.com/advisories/53175"
}
],
"title": "CVE Program Container"
}
],
"cna": {
"affected": [
{
"product": "n/a",
"vendor": "n/a",
"versions": [
{
"status": "affected",
"version": "n/a"
}
]
}
],
"datePublic": "2013-04-24T00:00:00",
"descriptions": [
{
"lang": "en",
"value": "Apache CloudStack 4.0.0 before 4.0.2 and Citrix CloudPlatform (formerly Citrix CloudStack) 3.0.x before 3.0.6 Patch C uses a hash of a predictable sequence, which makes it easier for remote attackers to guess the console access URL via a brute force attack."
}
],
"problemTypes": [
{
"descriptions": [
{
"description": "n/a",
"lang": "en",
"type": "text"
}
]
}
],
"providerMetadata": {
"dateUpdated": "2017-08-28T12:57:01",
"orgId": "8254265b-2729-46b6-b9e3-3dfca2d5bfca",
"shortName": "mitre"
},
"references": [
{
"name": "92749",
"tags": [
"vdb-entry",
"x_refsource_OSVDB"
],
"url": "http://osvdb.org/92749"
},
{
"tags": [
"x_refsource_CONFIRM"
],
"url": "http://support.citrix.com/article/CTX135815"
},
{
"name": "[cloudstack-dev] 20130424 Apache CloudStack Security Advisory: Multiple vulnerabilities in Apache CloudStack",
"tags": [
"mailing-list",
"x_refsource_MLIST"
],
"url": "http://mail-archives.apache.org/mod_mbox/cloudstack-dev/201304.mbox/%3C51786984.1060300%40stratosec.co%3E"
},
{
"name": "1028473",
"tags": [
"vdb-entry",
"x_refsource_SECTRACK"
],
"url": "http://www.securitytracker.com/id/1028473"
},
{
"name": "cloudstack-cve20132758-info-disc(83782)",
"tags": [
"vdb-entry",
"x_refsource_XF"
],
"url": "https://exchange.xforce.ibmcloud.com/vulnerabilities/83782"
},
{
"name": "53204",
"tags": [
"third-party-advisory",
"x_refsource_SECUNIA"
],
"url": "http://secunia.com/advisories/53204"
},
{
"name": "59464",
"tags": [
"vdb-entry",
"x_refsource_BID"
],
"url": "http://www.securityfocus.com/bid/59464"
},
{
"name": "53175",
"tags": [
"third-party-advisory",
"x_refsource_SECUNIA"
],
"url": "http://secunia.com/advisories/53175"
}
],
"x_legacyV4Record": {
"CVE_data_meta": {
"ASSIGNER": "cve@mitre.org",
"ID": "CVE-2013-2758",
"STATE": "PUBLIC"
},
"affects": {
"vendor": {
"vendor_data": [
{
"product": {
"product_data": [
{
"product_name": "n/a",
"version": {
"version_data": [
{
"version_value": "n/a"
}
]
}
}
]
},
"vendor_name": "n/a"
}
]
}
},
"data_format": "MITRE",
"data_type": "CVE",
"data_version": "4.0",
"description": {
"description_data": [
{
"lang": "eng",
"value": "Apache CloudStack 4.0.0 before 4.0.2 and Citrix CloudPlatform (formerly Citrix CloudStack) 3.0.x before 3.0.6 Patch C uses a hash of a predictable sequence, which makes it easier for remote attackers to guess the console access URL via a brute force attack."
}
]
},
"problemtype": {
"problemtype_data": [
{
"description": [
{
"lang": "eng",
"value": "n/a"
}
]
}
]
},
"references": {
"reference_data": [
{
"name": "92749",
"refsource": "OSVDB",
"url": "http://osvdb.org/92749"
},
{
"name": "http://support.citrix.com/article/CTX135815",
"refsource": "CONFIRM",
"url": "http://support.citrix.com/article/CTX135815"
},
{
"name": "[cloudstack-dev] 20130424 Apache CloudStack Security Advisory: Multiple vulnerabilities in Apache CloudStack",
"refsource": "MLIST",
"url": "http://mail-archives.apache.org/mod_mbox/cloudstack-dev/201304.mbox/%3C51786984.1060300@stratosec.co%3E"
},
{
"name": "1028473",
"refsource": "SECTRACK",
"url": "http://www.securitytracker.com/id/1028473"
},
{
"name": "cloudstack-cve20132758-info-disc(83782)",
"refsource": "XF",
"url": "https://exchange.xforce.ibmcloud.com/vulnerabilities/83782"
},
{
"name": "53204",
"refsource": "SECUNIA",
"url": "http://secunia.com/advisories/53204"
},
{
"name": "59464",
"refsource": "BID",
"url": "http://www.securityfocus.com/bid/59464"
},
{
"name": "53175",
"refsource": "SECUNIA",
"url": "http://secunia.com/advisories/53175"
}
]
}
}
}
},
"cveMetadata": {
"assignerOrgId": "8254265b-2729-46b6-b9e3-3dfca2d5bfca",
"assignerShortName": "mitre",
"cveId": "CVE-2013-2758",
"datePublished": "2014-05-23T14:00:00",
"dateReserved": "2013-04-03T00:00:00",
"dateUpdated": "2024-08-06T15:44:33.690Z",
"state": "PUBLISHED"
},
"dataType": "CVE_RECORD",
"dataVersion": "5.1"
}
CVE-2013-2136 (GCVE-0-2013-2136)
Vulnerability from cvelistv5
Published
2013-08-19 23:00
Modified
2024-08-06 15:27
Severity ?
VLAI Severity ?
EPSS score ?
CWE
- n/a
Summary
Multiple cross-site scripting (XSS) vulnerabilities in Apache CloudStack before 4.1.1 allow remote attackers to inject arbitrary web script or HTML via the (1) Physical network name to the Zone wizard; (2) New network name, (3) instance name, or (4) group to the Instance wizard; (5) unspecified "multi-edit fields;" and (6) unspecified "list view" edit fields related to global settings.
References
| ▼ | URL | Tags |
|---|---|---|
| https://exchange.xforce.ibmcloud.com/vulnerabilities/86258 | vdb-entry, x_refsource_XF | |
| http://www.securityfocus.com/bid/61638 | vdb-entry, x_refsource_BID | |
| http://osvdb.org/96078 | vdb-entry, x_refsource_OSVDB | |
| http://archives.neohapsis.com/archives/bugtraq/2013-08/0034.html | mailing-list, x_refsource_BUGTRAQ | |
| http://archives.neohapsis.com/archives/bugtraq/2013-08/0047.html | mailing-list, x_refsource_BUGTRAQ | |
| http://osvdb.org/96074 | vdb-entry, x_refsource_OSVDB | |
| http://osvdb.org/96076 | vdb-entry, x_refsource_OSVDB | |
| https://issues.apache.org/jira/browse/CLOUDSTACK-2936 | x_refsource_CONFIRM | |
| http://osvdb.org/96075 | vdb-entry, x_refsource_OSVDB | |
| http://osvdb.org/96077 | vdb-entry, x_refsource_OSVDB | |
| http://secunia.com/advisories/54399 | third-party-advisory, x_refsource_SECUNIA |
{
"containers": {
"adp": [
{
"providerMetadata": {
"dateUpdated": "2024-08-06T15:27:40.784Z",
"orgId": "af854a3a-2127-422b-91ae-364da2661108",
"shortName": "CVE"
},
"references": [
{
"name": "apache-cloudstack-cve20132136-xss(86258)",
"tags": [
"vdb-entry",
"x_refsource_XF",
"x_transferred"
],
"url": "https://exchange.xforce.ibmcloud.com/vulnerabilities/86258"
},
{
"name": "61638",
"tags": [
"vdb-entry",
"x_refsource_BID",
"x_transferred"
],
"url": "http://www.securityfocus.com/bid/61638"
},
{
"name": "96078",
"tags": [
"vdb-entry",
"x_refsource_OSVDB",
"x_transferred"
],
"url": "http://osvdb.org/96078"
},
{
"name": "20130806 [CVE-2013-2136] Apache CloudStack Cross-site scripting (XSS) vulnerabiliity",
"tags": [
"mailing-list",
"x_refsource_BUGTRAQ",
"x_transferred"
],
"url": "http://archives.neohapsis.com/archives/bugtraq/2013-08/0034.html"
},
{
"name": "20130807 Updated [CVE-2013-2136] Apache CloudStack Cross-site scripting (XSS) vulnerabiliity",
"tags": [
"mailing-list",
"x_refsource_BUGTRAQ",
"x_transferred"
],
"url": "http://archives.neohapsis.com/archives/bugtraq/2013-08/0047.html"
},
{
"name": "96074",
"tags": [
"vdb-entry",
"x_refsource_OSVDB",
"x_transferred"
],
"url": "http://osvdb.org/96074"
},
{
"name": "96076",
"tags": [
"vdb-entry",
"x_refsource_OSVDB",
"x_transferred"
],
"url": "http://osvdb.org/96076"
},
{
"tags": [
"x_refsource_CONFIRM",
"x_transferred"
],
"url": "https://issues.apache.org/jira/browse/CLOUDSTACK-2936"
},
{
"name": "96075",
"tags": [
"vdb-entry",
"x_refsource_OSVDB",
"x_transferred"
],
"url": "http://osvdb.org/96075"
},
{
"name": "96077",
"tags": [
"vdb-entry",
"x_refsource_OSVDB",
"x_transferred"
],
"url": "http://osvdb.org/96077"
},
{
"name": "54399",
"tags": [
"third-party-advisory",
"x_refsource_SECUNIA",
"x_transferred"
],
"url": "http://secunia.com/advisories/54399"
}
],
"title": "CVE Program Container"
}
],
"cna": {
"affected": [
{
"product": "n/a",
"vendor": "n/a",
"versions": [
{
"status": "affected",
"version": "n/a"
}
]
}
],
"datePublic": "2013-08-06T00:00:00",
"descriptions": [
{
"lang": "en",
"value": "Multiple cross-site scripting (XSS) vulnerabilities in Apache CloudStack before 4.1.1 allow remote attackers to inject arbitrary web script or HTML via the (1) Physical network name to the Zone wizard; (2) New network name, (3) instance name, or (4) group to the Instance wizard; (5) unspecified \"multi-edit fields;\" and (6) unspecified \"list view\" edit fields related to global settings."
}
],
"problemTypes": [
{
"descriptions": [
{
"description": "n/a",
"lang": "en",
"type": "text"
}
]
}
],
"providerMetadata": {
"dateUpdated": "2017-08-28T12:57:01",
"orgId": "53f830b8-0a3f-465b-8143-3b8a9948e749",
"shortName": "redhat"
},
"references": [
{
"name": "apache-cloudstack-cve20132136-xss(86258)",
"tags": [
"vdb-entry",
"x_refsource_XF"
],
"url": "https://exchange.xforce.ibmcloud.com/vulnerabilities/86258"
},
{
"name": "61638",
"tags": [
"vdb-entry",
"x_refsource_BID"
],
"url": "http://www.securityfocus.com/bid/61638"
},
{
"name": "96078",
"tags": [
"vdb-entry",
"x_refsource_OSVDB"
],
"url": "http://osvdb.org/96078"
},
{
"name": "20130806 [CVE-2013-2136] Apache CloudStack Cross-site scripting (XSS) vulnerabiliity",
"tags": [
"mailing-list",
"x_refsource_BUGTRAQ"
],
"url": "http://archives.neohapsis.com/archives/bugtraq/2013-08/0034.html"
},
{
"name": "20130807 Updated [CVE-2013-2136] Apache CloudStack Cross-site scripting (XSS) vulnerabiliity",
"tags": [
"mailing-list",
"x_refsource_BUGTRAQ"
],
"url": "http://archives.neohapsis.com/archives/bugtraq/2013-08/0047.html"
},
{
"name": "96074",
"tags": [
"vdb-entry",
"x_refsource_OSVDB"
],
"url": "http://osvdb.org/96074"
},
{
"name": "96076",
"tags": [
"vdb-entry",
"x_refsource_OSVDB"
],
"url": "http://osvdb.org/96076"
},
{
"tags": [
"x_refsource_CONFIRM"
],
"url": "https://issues.apache.org/jira/browse/CLOUDSTACK-2936"
},
{
"name": "96075",
"tags": [
"vdb-entry",
"x_refsource_OSVDB"
],
"url": "http://osvdb.org/96075"
},
{
"name": "96077",
"tags": [
"vdb-entry",
"x_refsource_OSVDB"
],
"url": "http://osvdb.org/96077"
},
{
"name": "54399",
"tags": [
"third-party-advisory",
"x_refsource_SECUNIA"
],
"url": "http://secunia.com/advisories/54399"
}
],
"x_legacyV4Record": {
"CVE_data_meta": {
"ASSIGNER": "secalert@redhat.com",
"ID": "CVE-2013-2136",
"STATE": "PUBLIC"
},
"affects": {
"vendor": {
"vendor_data": [
{
"product": {
"product_data": [
{
"product_name": "n/a",
"version": {
"version_data": [
{
"version_value": "n/a"
}
]
}
}
]
},
"vendor_name": "n/a"
}
]
}
},
"data_format": "MITRE",
"data_type": "CVE",
"data_version": "4.0",
"description": {
"description_data": [
{
"lang": "eng",
"value": "Multiple cross-site scripting (XSS) vulnerabilities in Apache CloudStack before 4.1.1 allow remote attackers to inject arbitrary web script or HTML via the (1) Physical network name to the Zone wizard; (2) New network name, (3) instance name, or (4) group to the Instance wizard; (5) unspecified \"multi-edit fields;\" and (6) unspecified \"list view\" edit fields related to global settings."
}
]
},
"problemtype": {
"problemtype_data": [
{
"description": [
{
"lang": "eng",
"value": "n/a"
}
]
}
]
},
"references": {
"reference_data": [
{
"name": "apache-cloudstack-cve20132136-xss(86258)",
"refsource": "XF",
"url": "https://exchange.xforce.ibmcloud.com/vulnerabilities/86258"
},
{
"name": "61638",
"refsource": "BID",
"url": "http://www.securityfocus.com/bid/61638"
},
{
"name": "96078",
"refsource": "OSVDB",
"url": "http://osvdb.org/96078"
},
{
"name": "20130806 [CVE-2013-2136] Apache CloudStack Cross-site scripting (XSS) vulnerabiliity",
"refsource": "BUGTRAQ",
"url": "http://archives.neohapsis.com/archives/bugtraq/2013-08/0034.html"
},
{
"name": "20130807 Updated [CVE-2013-2136] Apache CloudStack Cross-site scripting (XSS) vulnerabiliity",
"refsource": "BUGTRAQ",
"url": "http://archives.neohapsis.com/archives/bugtraq/2013-08/0047.html"
},
{
"name": "96074",
"refsource": "OSVDB",
"url": "http://osvdb.org/96074"
},
{
"name": "96076",
"refsource": "OSVDB",
"url": "http://osvdb.org/96076"
},
{
"name": "https://issues.apache.org/jira/browse/CLOUDSTACK-2936",
"refsource": "CONFIRM",
"url": "https://issues.apache.org/jira/browse/CLOUDSTACK-2936"
},
{
"name": "96075",
"refsource": "OSVDB",
"url": "http://osvdb.org/96075"
},
{
"name": "96077",
"refsource": "OSVDB",
"url": "http://osvdb.org/96077"
},
{
"name": "54399",
"refsource": "SECUNIA",
"url": "http://secunia.com/advisories/54399"
}
]
}
}
}
},
"cveMetadata": {
"assignerOrgId": "53f830b8-0a3f-465b-8143-3b8a9948e749",
"assignerShortName": "redhat",
"cveId": "CVE-2013-2136",
"datePublished": "2013-08-19T23:00:00",
"dateReserved": "2013-02-19T00:00:00",
"dateUpdated": "2024-08-06T15:27:40.784Z",
"state": "PUBLISHED"
},
"dataType": "CVE_RECORD",
"dataVersion": "5.1"
}
CVE-2012-4501 (GCVE-0-2012-4501)
Vulnerability from cvelistv5
Published
2012-10-26 10:00
Modified
2024-09-17 00:41
Severity ?
VLAI Severity ?
EPSS score ?
CWE
- n/a
Summary
Citrix Cloud.com CloudStack, and Apache CloudStack pre-release, allows remote attackers to make arbitrary API calls by leveraging the system user account, as demonstrated by API calls to delete VMs.
References
| ▼ | URL | Tags |
|---|---|---|
| http://markmail.org/thread/yfuxgymdqwg3kcg4 | mailing-list, x_refsource_MLIST | |
| http://archives.neohapsis.com/archives/bugtraq/2012-10/0062.html | mailing-list, x_refsource_BUGTRAQ | |
| http://cloudstack.org/blog/185-cloudstack-configuration-vulnerability-discovered.html | x_refsource_CONFIRM |
{
"containers": {
"adp": [
{
"providerMetadata": {
"dateUpdated": "2024-08-06T20:35:10.051Z",
"orgId": "af854a3a-2127-422b-91ae-364da2661108",
"shortName": "CVE"
},
"references": [
{
"name": "[cloudstack-dev] 20121007 [CVE-2012-4501] CloudStack security announcement",
"tags": [
"mailing-list",
"x_refsource_MLIST",
"x_transferred"
],
"url": "http://markmail.org/thread/yfuxgymdqwg3kcg4"
},
{
"name": "20121010 [CVE-2012-4501] CloudStack configuration vulnerability",
"tags": [
"mailing-list",
"x_refsource_BUGTRAQ",
"x_transferred"
],
"url": "http://archives.neohapsis.com/archives/bugtraq/2012-10/0062.html"
},
{
"tags": [
"x_refsource_CONFIRM",
"x_transferred"
],
"url": "http://cloudstack.org/blog/185-cloudstack-configuration-vulnerability-discovered.html"
}
],
"title": "CVE Program Container"
}
],
"cna": {
"affected": [
{
"product": "n/a",
"vendor": "n/a",
"versions": [
{
"status": "affected",
"version": "n/a"
}
]
}
],
"descriptions": [
{
"lang": "en",
"value": "Citrix Cloud.com CloudStack, and Apache CloudStack pre-release, allows remote attackers to make arbitrary API calls by leveraging the system user account, as demonstrated by API calls to delete VMs."
}
],
"problemTypes": [
{
"descriptions": [
{
"description": "n/a",
"lang": "en",
"type": "text"
}
]
}
],
"providerMetadata": {
"dateUpdated": "2012-10-26T10:00:00Z",
"orgId": "53f830b8-0a3f-465b-8143-3b8a9948e749",
"shortName": "redhat"
},
"references": [
{
"name": "[cloudstack-dev] 20121007 [CVE-2012-4501] CloudStack security announcement",
"tags": [
"mailing-list",
"x_refsource_MLIST"
],
"url": "http://markmail.org/thread/yfuxgymdqwg3kcg4"
},
{
"name": "20121010 [CVE-2012-4501] CloudStack configuration vulnerability",
"tags": [
"mailing-list",
"x_refsource_BUGTRAQ"
],
"url": "http://archives.neohapsis.com/archives/bugtraq/2012-10/0062.html"
},
{
"tags": [
"x_refsource_CONFIRM"
],
"url": "http://cloudstack.org/blog/185-cloudstack-configuration-vulnerability-discovered.html"
}
],
"x_legacyV4Record": {
"CVE_data_meta": {
"ASSIGNER": "secalert@redhat.com",
"ID": "CVE-2012-4501",
"STATE": "PUBLIC"
},
"affects": {
"vendor": {
"vendor_data": [
{
"product": {
"product_data": [
{
"product_name": "n/a",
"version": {
"version_data": [
{
"version_value": "n/a"
}
]
}
}
]
},
"vendor_name": "n/a"
}
]
}
},
"data_format": "MITRE",
"data_type": "CVE",
"data_version": "4.0",
"description": {
"description_data": [
{
"lang": "eng",
"value": "Citrix Cloud.com CloudStack, and Apache CloudStack pre-release, allows remote attackers to make arbitrary API calls by leveraging the system user account, as demonstrated by API calls to delete VMs."
}
]
},
"problemtype": {
"problemtype_data": [
{
"description": [
{
"lang": "eng",
"value": "n/a"
}
]
}
]
},
"references": {
"reference_data": [
{
"name": "[cloudstack-dev] 20121007 [CVE-2012-4501] CloudStack security announcement",
"refsource": "MLIST",
"url": "http://markmail.org/thread/yfuxgymdqwg3kcg4"
},
{
"name": "20121010 [CVE-2012-4501] CloudStack configuration vulnerability",
"refsource": "BUGTRAQ",
"url": "http://archives.neohapsis.com/archives/bugtraq/2012-10/0062.html"
},
{
"name": "http://cloudstack.org/blog/185-cloudstack-configuration-vulnerability-discovered.html",
"refsource": "CONFIRM",
"url": "http://cloudstack.org/blog/185-cloudstack-configuration-vulnerability-discovered.html"
}
]
}
}
}
},
"cveMetadata": {
"assignerOrgId": "53f830b8-0a3f-465b-8143-3b8a9948e749",
"assignerShortName": "redhat",
"cveId": "CVE-2012-4501",
"datePublished": "2012-10-26T10:00:00Z",
"dateReserved": "2012-08-21T00:00:00Z",
"dateUpdated": "2024-09-17T00:41:27.302Z",
"state": "PUBLISHED"
},
"dataType": "CVE_RECORD",
"dataVersion": "5.1"
}
CVE-2013-4317 (GCVE-0-2013-4317)
Vulnerability from cvelistv5
Published
2018-02-06 14:00
Modified
2024-09-17 01:36
Severity ?
VLAI Severity ?
EPSS score ?
CWE
- Information Disclosure
Summary
In Apache CloudStack 4.1.0 and 4.1.1, when calling the CloudStack API call listProjectAccounts as a regular, non-administrative user, the user is able to see information for accounts other than their own.
References
| ▼ | URL | Tags |
|---|---|---|
| http://seclists.org/oss-sec/2018/q1/1 | mailing-list, x_refsource_MLIST |
Impacted products
| Vendor | Product | Version | ||
|---|---|---|---|---|
| Apache Software Foundation | Apache CloudStack |
Version: 4.1.0, 4.1.1 |
{
"containers": {
"adp": [
{
"providerMetadata": {
"dateUpdated": "2024-08-06T16:38:01.899Z",
"orgId": "af854a3a-2127-422b-91ae-364da2661108",
"shortName": "CVE"
},
"references": [
{
"name": "[oss-security] 20180103 [CVE-2013-4317] Apache CloudStack information disclosure vulnerability",
"tags": [
"mailing-list",
"x_refsource_MLIST",
"x_transferred"
],
"url": "http://seclists.org/oss-sec/2018/q1/1"
}
],
"title": "CVE Program Container"
}
],
"cna": {
"affected": [
{
"product": "Apache CloudStack",
"vendor": "Apache Software Foundation",
"versions": [
{
"status": "affected",
"version": "4.1.0, 4.1.1"
}
]
}
],
"datePublic": "2018-01-03T00:00:00",
"descriptions": [
{
"lang": "en",
"value": "In Apache CloudStack 4.1.0 and 4.1.1, when calling the CloudStack API call listProjectAccounts as a regular, non-administrative user, the user is able to see information for accounts other than their own."
}
],
"problemTypes": [
{
"descriptions": [
{
"description": "Information Disclosure",
"lang": "en",
"type": "text"
}
]
}
],
"providerMetadata": {
"dateUpdated": "2018-02-06T13:57:01",
"orgId": "f0158376-9dc2-43b6-827c-5f631a4d8d09",
"shortName": "apache"
},
"references": [
{
"name": "[oss-security] 20180103 [CVE-2013-4317] Apache CloudStack information disclosure vulnerability",
"tags": [
"mailing-list",
"x_refsource_MLIST"
],
"url": "http://seclists.org/oss-sec/2018/q1/1"
}
],
"x_legacyV4Record": {
"CVE_data_meta": {
"ASSIGNER": "security@apache.org",
"DATE_PUBLIC": "2018-01-03T00:00:00",
"ID": "CVE-2013-4317",
"STATE": "PUBLIC"
},
"affects": {
"vendor": {
"vendor_data": [
{
"product": {
"product_data": [
{
"product_name": "Apache CloudStack",
"version": {
"version_data": [
{
"version_value": "4.1.0, 4.1.1"
}
]
}
}
]
},
"vendor_name": "Apache Software Foundation"
}
]
}
},
"data_format": "MITRE",
"data_type": "CVE",
"data_version": "4.0",
"description": {
"description_data": [
{
"lang": "eng",
"value": "In Apache CloudStack 4.1.0 and 4.1.1, when calling the CloudStack API call listProjectAccounts as a regular, non-administrative user, the user is able to see information for accounts other than their own."
}
]
},
"problemtype": {
"problemtype_data": [
{
"description": [
{
"lang": "eng",
"value": "Information Disclosure"
}
]
}
]
},
"references": {
"reference_data": [
{
"name": "[oss-security] 20180103 [CVE-2013-4317] Apache CloudStack information disclosure vulnerability",
"refsource": "MLIST",
"url": "http://seclists.org/oss-sec/2018/q1/1"
}
]
}
}
}
},
"cveMetadata": {
"assignerOrgId": "f0158376-9dc2-43b6-827c-5f631a4d8d09",
"assignerShortName": "apache",
"cveId": "CVE-2013-4317",
"datePublished": "2018-02-06T14:00:00Z",
"dateReserved": "2013-06-12T00:00:00",
"dateUpdated": "2024-09-17T01:36:03.050Z",
"state": "PUBLISHED"
},
"dataType": "CVE_RECORD",
"dataVersion": "5.1"
}
CVE-2024-39864 (GCVE-0-2024-39864)
Vulnerability from cvelistv5
Published
2024-07-05 13:40
Modified
2025-03-19 14:44
Severity ?
VLAI Severity ?
EPSS score ?
CWE
Summary
The CloudStack integration API service allows running its unauthenticated API server (usually on port 8096 when configured and enabled via integration.api.port global setting) for internal portal integrations and for testing purposes. By default, the integration API service port is disabled and is considered disabled when integration.api.port is set to 0 or negative. Due to an improper initialisation logic, the integration API service would listen on a random port when its port value is set to 0 (default value). An attacker that can access the CloudStack management network could scan and find the randomised integration API service port and exploit it to perform unauthorised administrative actions and perform remote code execution on CloudStack managed hosts and result in complete compromise of the confidentiality, integrity, and availability of CloudStack managed infrastructure.
Users are recommended to restrict the network access on the CloudStack management server hosts to only essential ports. Users are recommended to upgrade to version 4.18.2.1, 4.19.0.2 or later, which addresses this issue.
References
| ▼ | URL | Tags |
|---|---|---|
| https://lists.apache.org/thread/6l51r00csrct61plkyd3qg3fj99215d1 | vendor-advisory, mailing-list | |
| https://cloudstack.apache.org/blog/security-release-advisory-4.19.0.2-4.18.2.1 | vendor-advisory, patch | |
| https://www.shapeblue.com/shapeblue-security-advisory-apache-cloudstack-security-releases-4-18-2-1-and-4-19-0-2/ | third-party-advisory | |
| http://www.openwall.com/lists/oss-security/2024/07/05/1 |
Impacted products
| Vendor | Product | Version | ||
|---|---|---|---|---|
| Apache Software Foundation | Apache CloudStack |
Version: 4.0.0 ≤ 4.18.2.0 Version: 4.19.0.0 ≤ 4.19.0.1 |
{
"containers": {
"adp": [
{
"affected": [
{
"cpes": [
"cpe:2.3:a:apache_software_foundation:apache_cloudstack:*:*:*:*:*:*:*:*"
],
"defaultStatus": "unknown",
"product": "apache_cloudstack",
"vendor": "apache_software_foundation",
"versions": [
{
"lessThanOrEqual": "4.18.2.0",
"status": "affected",
"version": "4.0.0",
"versionType": "custom"
},
{
"lessThanOrEqual": "4.19.0.1",
"status": "affected",
"version": "4.19.0.0",
"versionType": "custom"
}
]
}
],
"metrics": [
{
"cvssV3_1": {
"attackComplexity": "LOW",
"attackVector": "NETWORK",
"availabilityImpact": "HIGH",
"baseScore": 9.8,
"baseSeverity": "CRITICAL",
"confidentialityImpact": "HIGH",
"integrityImpact": "HIGH",
"privilegesRequired": "NONE",
"scope": "UNCHANGED",
"userInteraction": "NONE",
"vectorString": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H",
"version": "3.1"
}
},
{
"other": {
"content": {
"id": "CVE-2024-39864",
"options": [
{
"Exploitation": "none"
},
{
"Automatable": "yes"
},
{
"Technical Impact": "total"
}
],
"role": "CISA Coordinator",
"timestamp": "2024-07-08T13:38:45.994090Z",
"version": "2.0.3"
},
"type": "ssvc"
}
}
],
"providerMetadata": {
"dateUpdated": "2025-03-19T14:44:07.745Z",
"orgId": "134c704f-9b21-4f2e-91b3-4a467353bcc0",
"shortName": "CISA-ADP"
},
"title": "CISA ADP Vulnrichment"
},
{
"providerMetadata": {
"dateUpdated": "2024-08-02T04:33:10.752Z",
"orgId": "af854a3a-2127-422b-91ae-364da2661108",
"shortName": "CVE"
},
"references": [
{
"tags": [
"vendor-advisory",
"mailing-list",
"x_transferred"
],
"url": "https://lists.apache.org/thread/6l51r00csrct61plkyd3qg3fj99215d1"
},
{
"tags": [
"vendor-advisory",
"patch",
"x_transferred"
],
"url": "https://cloudstack.apache.org/blog/security-release-advisory-4.19.0.2-4.18.2.1"
},
{
"tags": [
"third-party-advisory",
"x_transferred"
],
"url": "https://www.shapeblue.com/shapeblue-security-advisory-apache-cloudstack-security-releases-4-18-2-1-and-4-19-0-2/"
},
{
"tags": [
"x_transferred"
],
"url": "http://www.openwall.com/lists/oss-security/2024/07/05/1"
}
],
"title": "CVE Program Container"
}
],
"cna": {
"affected": [
{
"defaultStatus": "unaffected",
"product": "Apache CloudStack",
"vendor": "Apache Software Foundation",
"versions": [
{
"lessThanOrEqual": "4.18.2.0",
"status": "affected",
"version": "4.0.0",
"versionType": "semver"
},
{
"lessThanOrEqual": "4.19.0.1",
"status": "affected",
"version": "4.19.0.0",
"versionType": "semver"
}
]
}
],
"credits": [
{
"lang": "en",
"type": "finder",
"value": "Adam Pond of Apple Services Engineering Security"
},
{
"lang": "en",
"type": "finder",
"value": "Terry Thibault of Apple Services Engineering Security"
},
{
"lang": "en",
"type": "finder",
"value": "Damon Smith of Apple Services Engineering Security"
}
],
"descriptions": [
{
"lang": "en",
"supportingMedia": [
{
"base64": false,
"type": "text/html",
"value": "\u003cdiv\u003e\u003cp\u003eThe CloudStack integration API service allows running its unauthenticated API server (usually on port 8096 when configured and enabled via integration.api.port global setting) for internal portal integrations and for testing purposes. By default, the integration API service port is disabled and is considered disabled when integration.api.port is set to 0 or negative. Due to an improper initialisation logic, the integration API service would listen on a random port when its port value is set to 0 (default value).\u0026nbsp;\u003cspan style=\"background-color: rgb(255, 255, 255);\"\u003eAn attacker that can access the CloudStack management network could scan and find the randomised integration API service port and exploit it to perform unauthorised administrative actions and perform remote code execution on CloudStack managed hosts and result in complete\u003c/span\u003e\u0026nbsp;compromise of the confidentiality, integrity, and availability of CloudStack managed infrastructure.\u003cspan style=\"background-color: rgb(255, 255, 255);\"\u003e\u003cbr\u003e\u003c/span\u003e\u003c/p\u003e\u003cspan style=\"background-color: rgb(255, 255, 255);\"\u003e\u003cdiv\u003e\u003cspan style=\"background-color: rgb(255, 255, 255);\"\u003eUsers are recommended to restrict the network access on the CloudStack management server hosts to only essential ports. \u003c/span\u003eUsers are recommended to upgrade to version 4.18.2.1, 4.19.0.2 or later, which addresses this issue.\u003c/div\u003e\u003c/span\u003e\u003c/div\u003e"
}
],
"value": "The CloudStack integration API service allows running its unauthenticated API server (usually on port 8096 when configured and enabled via integration.api.port global setting) for internal portal integrations and for testing purposes. By default, the integration API service port is disabled and is considered disabled when integration.api.port is set to 0 or negative. Due to an improper initialisation logic, the integration API service would listen on a random port when its port value is set to 0 (default value).\u00a0An attacker that can access the CloudStack management network could scan and find the randomised integration API service port and exploit it to perform unauthorised administrative actions and perform remote code execution on CloudStack managed hosts and result in complete\u00a0compromise of the confidentiality, integrity, and availability of CloudStack managed infrastructure.\n\nUsers are recommended to restrict the network access on the CloudStack management server hosts to only essential ports. Users are recommended to upgrade to version 4.18.2.1, 4.19.0.2 or later, which addresses this issue."
}
],
"metrics": [
{
"other": {
"content": {
"text": "important"
},
"type": "Textual description of severity"
}
}
],
"problemTypes": [
{
"descriptions": [
{
"cweId": "CWE-665",
"description": "CWE-665 Improper Initialization",
"lang": "en",
"type": "CWE"
}
]
},
{
"descriptions": [
{
"cweId": "CWE-94",
"description": "CWE-94 Improper Control of Generation of Code (\u0027Code Injection\u0027)",
"lang": "en",
"type": "CWE"
}
]
}
],
"providerMetadata": {
"dateUpdated": "2024-07-05T13:45:07.813Z",
"orgId": "f0158376-9dc2-43b6-827c-5f631a4d8d09",
"shortName": "apache"
},
"references": [
{
"tags": [
"vendor-advisory",
"mailing-list"
],
"url": "https://lists.apache.org/thread/6l51r00csrct61plkyd3qg3fj99215d1"
},
{
"tags": [
"vendor-advisory",
"patch"
],
"url": "https://cloudstack.apache.org/blog/security-release-advisory-4.19.0.2-4.18.2.1"
},
{
"tags": [
"third-party-advisory"
],
"url": "https://www.shapeblue.com/shapeblue-security-advisory-apache-cloudstack-security-releases-4-18-2-1-and-4-19-0-2/"
},
{
"url": "http://www.openwall.com/lists/oss-security/2024/07/05/1"
}
],
"source": {
"discovery": "UNKNOWN"
},
"title": "Apache CloudStack: Integration API service uses dynamic port when disabled",
"x_generator": {
"engine": "Vulnogram 0.1.0-dev"
}
}
},
"cveMetadata": {
"assignerOrgId": "f0158376-9dc2-43b6-827c-5f631a4d8d09",
"assignerShortName": "apache",
"cveId": "CVE-2024-39864",
"datePublished": "2024-07-05T13:40:37.937Z",
"dateReserved": "2024-07-01T10:59:29.245Z",
"dateUpdated": "2025-03-19T14:44:07.745Z",
"state": "PUBLISHED"
},
"dataType": "CVE_RECORD",
"dataVersion": "5.1"
}
CVE-2012-5616 (GCVE-0-2012-5616)
Vulnerability from cvelistv5
Published
2013-01-22 23:00
Modified
2024-08-06 21:14
Severity ?
VLAI Severity ?
EPSS score ?
CWE
- n/a
Summary
Apache CloudStack 4.0.0-incubating and Citrix CloudPlatform (formerly Citrix CloudStack) before 3.0.6 stores sensitive information in the log4j.conf log file, which allows local users to obtain (1) the SSH private key as recorded by the createSSHKeyPair API, (2) the password of an added host as recorded by the AddHost API, or the password of an added VM as recorded by the (3) DeployVM or (4) ResetPasswordForVM API.
References
| ▼ | URL | Tags |
|---|---|---|
| http://support.citrix.com/article/CTX136163 | x_refsource_CONFIRM | |
| http://osvdb.org/89146 | vdb-entry, x_refsource_OSVDB | |
| http://seclists.org/fulldisclosure/2013/Jan/65 | mailing-list, x_refsource_FULLDISC | |
| http://osvdb.org/89147 | vdb-entry, x_refsource_OSVDB | |
| http://www.securityfocus.com/bid/57225 | vdb-entry, x_refsource_BID | |
| http://mail-archives.apache.org/mod_mbox/incubator-cloudstack-users/201301.mbox/%3C1BD2169F-BBFE-4E27-B50F-F17D7D08B565%40stratosec.co%3E | mailing-list, x_refsource_MLIST | |
| http://secunia.com/advisories/51821 | third-party-advisory, x_refsource_SECUNIA | |
| http://www.securityfocus.com/bid/57259 | vdb-entry, x_refsource_BID | |
| http://osvdb.org/89070 | vdb-entry, x_refsource_OSVDB | |
| http://secunia.com/advisories/51366 | third-party-advisory, x_refsource_SECUNIA | |
| http://secunia.com/advisories/51827 | third-party-advisory, x_refsource_SECUNIA | |
| http://www.securitytracker.com/id?1027978 | vdb-entry, x_refsource_SECTRACK |
{
"containers": {
"adp": [
{
"providerMetadata": {
"dateUpdated": "2024-08-06T21:14:16.356Z",
"orgId": "af854a3a-2127-422b-91ae-364da2661108",
"shortName": "CVE"
},
"references": [
{
"tags": [
"x_refsource_CONFIRM",
"x_transferred"
],
"url": "http://support.citrix.com/article/CTX136163"
},
{
"name": "89146",
"tags": [
"vdb-entry",
"x_refsource_OSVDB",
"x_transferred"
],
"url": "http://osvdb.org/89146"
},
{
"name": "20130110 CVE-2012-5616: Apache CloudStack information disclosure vulnerability",
"tags": [
"mailing-list",
"x_refsource_FULLDISC",
"x_transferred"
],
"url": "http://seclists.org/fulldisclosure/2013/Jan/65"
},
{
"name": "89147",
"tags": [
"vdb-entry",
"x_refsource_OSVDB",
"x_transferred"
],
"url": "http://osvdb.org/89147"
},
{
"name": "57225",
"tags": [
"vdb-entry",
"x_refsource_BID",
"x_transferred"
],
"url": "http://www.securityfocus.com/bid/57225"
},
{
"name": "[incubator-cloudstack-users] 20130110 CVE-2012-5616: Apache CloudStack information disclosure vulnerability",
"tags": [
"mailing-list",
"x_refsource_MLIST",
"x_transferred"
],
"url": "http://mail-archives.apache.org/mod_mbox/incubator-cloudstack-users/201301.mbox/%3C1BD2169F-BBFE-4E27-B50F-F17D7D08B565%40stratosec.co%3E"
},
{
"name": "51821",
"tags": [
"third-party-advisory",
"x_refsource_SECUNIA",
"x_transferred"
],
"url": "http://secunia.com/advisories/51821"
},
{
"name": "57259",
"tags": [
"vdb-entry",
"x_refsource_BID",
"x_transferred"
],
"url": "http://www.securityfocus.com/bid/57259"
},
{
"name": "89070",
"tags": [
"vdb-entry",
"x_refsource_OSVDB",
"x_transferred"
],
"url": "http://osvdb.org/89070"
},
{
"name": "51366",
"tags": [
"third-party-advisory",
"x_refsource_SECUNIA",
"x_transferred"
],
"url": "http://secunia.com/advisories/51366"
},
{
"name": "51827",
"tags": [
"third-party-advisory",
"x_refsource_SECUNIA",
"x_transferred"
],
"url": "http://secunia.com/advisories/51827"
},
{
"name": "1027978",
"tags": [
"vdb-entry",
"x_refsource_SECTRACK",
"x_transferred"
],
"url": "http://www.securitytracker.com/id?1027978"
}
],
"title": "CVE Program Container"
}
],
"cna": {
"affected": [
{
"product": "n/a",
"vendor": "n/a",
"versions": [
{
"status": "affected",
"version": "n/a"
}
]
}
],
"datePublic": "2013-01-10T00:00:00",
"descriptions": [
{
"lang": "en",
"value": "Apache CloudStack 4.0.0-incubating and Citrix CloudPlatform (formerly Citrix CloudStack) before 3.0.6 stores sensitive information in the log4j.conf log file, which allows local users to obtain (1) the SSH private key as recorded by the createSSHKeyPair API, (2) the password of an added host as recorded by the AddHost API, or the password of an added VM as recorded by the (3) DeployVM or (4) ResetPasswordForVM API."
}
],
"problemTypes": [
{
"descriptions": [
{
"description": "n/a",
"lang": "en",
"type": "text"
}
]
}
],
"providerMetadata": {
"dateUpdated": "2013-03-30T09:00:00",
"orgId": "53f830b8-0a3f-465b-8143-3b8a9948e749",
"shortName": "redhat"
},
"references": [
{
"tags": [
"x_refsource_CONFIRM"
],
"url": "http://support.citrix.com/article/CTX136163"
},
{
"name": "89146",
"tags": [
"vdb-entry",
"x_refsource_OSVDB"
],
"url": "http://osvdb.org/89146"
},
{
"name": "20130110 CVE-2012-5616: Apache CloudStack information disclosure vulnerability",
"tags": [
"mailing-list",
"x_refsource_FULLDISC"
],
"url": "http://seclists.org/fulldisclosure/2013/Jan/65"
},
{
"name": "89147",
"tags": [
"vdb-entry",
"x_refsource_OSVDB"
],
"url": "http://osvdb.org/89147"
},
{
"name": "57225",
"tags": [
"vdb-entry",
"x_refsource_BID"
],
"url": "http://www.securityfocus.com/bid/57225"
},
{
"name": "[incubator-cloudstack-users] 20130110 CVE-2012-5616: Apache CloudStack information disclosure vulnerability",
"tags": [
"mailing-list",
"x_refsource_MLIST"
],
"url": "http://mail-archives.apache.org/mod_mbox/incubator-cloudstack-users/201301.mbox/%3C1BD2169F-BBFE-4E27-B50F-F17D7D08B565%40stratosec.co%3E"
},
{
"name": "51821",
"tags": [
"third-party-advisory",
"x_refsource_SECUNIA"
],
"url": "http://secunia.com/advisories/51821"
},
{
"name": "57259",
"tags": [
"vdb-entry",
"x_refsource_BID"
],
"url": "http://www.securityfocus.com/bid/57259"
},
{
"name": "89070",
"tags": [
"vdb-entry",
"x_refsource_OSVDB"
],
"url": "http://osvdb.org/89070"
},
{
"name": "51366",
"tags": [
"third-party-advisory",
"x_refsource_SECUNIA"
],
"url": "http://secunia.com/advisories/51366"
},
{
"name": "51827",
"tags": [
"third-party-advisory",
"x_refsource_SECUNIA"
],
"url": "http://secunia.com/advisories/51827"
},
{
"name": "1027978",
"tags": [
"vdb-entry",
"x_refsource_SECTRACK"
],
"url": "http://www.securitytracker.com/id?1027978"
}
],
"x_legacyV4Record": {
"CVE_data_meta": {
"ASSIGNER": "secalert@redhat.com",
"ID": "CVE-2012-5616",
"STATE": "PUBLIC"
},
"affects": {
"vendor": {
"vendor_data": [
{
"product": {
"product_data": [
{
"product_name": "n/a",
"version": {
"version_data": [
{
"version_value": "n/a"
}
]
}
}
]
},
"vendor_name": "n/a"
}
]
}
},
"data_format": "MITRE",
"data_type": "CVE",
"data_version": "4.0",
"description": {
"description_data": [
{
"lang": "eng",
"value": "Apache CloudStack 4.0.0-incubating and Citrix CloudPlatform (formerly Citrix CloudStack) before 3.0.6 stores sensitive information in the log4j.conf log file, which allows local users to obtain (1) the SSH private key as recorded by the createSSHKeyPair API, (2) the password of an added host as recorded by the AddHost API, or the password of an added VM as recorded by the (3) DeployVM or (4) ResetPasswordForVM API."
}
]
},
"problemtype": {
"problemtype_data": [
{
"description": [
{
"lang": "eng",
"value": "n/a"
}
]
}
]
},
"references": {
"reference_data": [
{
"name": "http://support.citrix.com/article/CTX136163",
"refsource": "CONFIRM",
"url": "http://support.citrix.com/article/CTX136163"
},
{
"name": "89146",
"refsource": "OSVDB",
"url": "http://osvdb.org/89146"
},
{
"name": "20130110 CVE-2012-5616: Apache CloudStack information disclosure vulnerability",
"refsource": "FULLDISC",
"url": "http://seclists.org/fulldisclosure/2013/Jan/65"
},
{
"name": "89147",
"refsource": "OSVDB",
"url": "http://osvdb.org/89147"
},
{
"name": "57225",
"refsource": "BID",
"url": "http://www.securityfocus.com/bid/57225"
},
{
"name": "[incubator-cloudstack-users] 20130110 CVE-2012-5616: Apache CloudStack information disclosure vulnerability",
"refsource": "MLIST",
"url": "http://mail-archives.apache.org/mod_mbox/incubator-cloudstack-users/201301.mbox/%3C1BD2169F-BBFE-4E27-B50F-F17D7D08B565@stratosec.co%3E"
},
{
"name": "51821",
"refsource": "SECUNIA",
"url": "http://secunia.com/advisories/51821"
},
{
"name": "57259",
"refsource": "BID",
"url": "http://www.securityfocus.com/bid/57259"
},
{
"name": "89070",
"refsource": "OSVDB",
"url": "http://osvdb.org/89070"
},
{
"name": "51366",
"refsource": "SECUNIA",
"url": "http://secunia.com/advisories/51366"
},
{
"name": "51827",
"refsource": "SECUNIA",
"url": "http://secunia.com/advisories/51827"
},
{
"name": "1027978",
"refsource": "SECTRACK",
"url": "http://www.securitytracker.com/id?1027978"
}
]
}
}
}
},
"cveMetadata": {
"assignerOrgId": "53f830b8-0a3f-465b-8143-3b8a9948e749",
"assignerShortName": "redhat",
"cveId": "CVE-2012-5616",
"datePublished": "2013-01-22T23:00:00",
"dateReserved": "2012-10-24T00:00:00",
"dateUpdated": "2024-08-06T21:14:16.356Z",
"state": "PUBLISHED"
},
"dataType": "CVE_RECORD",
"dataVersion": "5.1"
}
CVE-2025-22828 (GCVE-0-2025-22828)
Vulnerability from cvelistv5
Published
2025-01-13 12:47
Modified
2025-01-13 19:02
Severity ?
VLAI Severity ?
EPSS score ?
CWE
- CWE-200 - Exposure of Sensitive Information to an Unauthorized Actor
Summary
CloudStack users can add and read comments (annotations) on resources they are authorised to access.
Due to an access validation issue that affects Apache CloudStack versions from 4.16.0, users who have access, prior access or knowledge of resource UUIDs can list and add comments (annotations) to such resources.
An attacker with a user-account and access or prior knowledge of resource UUIDs may exploit this issue to read contents of the comments (annotations) or add malicious comments (annotations) to such resources.
This may cause potential loss of confidentiality of CloudStack environments and resources if the comments (annotations) contain any privileged information. However, guessing or brute-forcing resource UUIDs are generally hard to impossible and access to listing or adding comments isn't same as access to CloudStack resources, making this issue of very low severity and general low impact.
CloudStack admins may also disallow listAnnotations and addAnnotation API access to non-admin roles in their environment as an interim measure.
References
| ▼ | URL | Tags |
|---|---|---|
| https://lists.apache.org/thread/bbsm9fdwrgfyostzojh6ghpocgdmx8rs | vendor-advisory |
Impacted products
| Vendor | Product | Version | ||
|---|---|---|---|---|
| Apache Software Foundation | Apache CloudStack |
Version: 4.16.0 ≤ * |
{
"containers": {
"adp": [
{
"metrics": [
{
"cvssV3_1": {
"attackComplexity": "LOW",
"attackVector": "NETWORK",
"availabilityImpact": "NONE",
"baseScore": 4.3,
"baseSeverity": "MEDIUM",
"confidentialityImpact": "LOW",
"integrityImpact": "NONE",
"privilegesRequired": "LOW",
"scope": "UNCHANGED",
"userInteraction": "NONE",
"vectorString": "CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:L/I:N/A:N",
"version": "3.1"
}
},
{
"other": {
"content": {
"id": "CVE-2025-22828",
"options": [
{
"Exploitation": "none"
},
{
"Automatable": "no"
},
{
"Technical Impact": "partial"
}
],
"role": "CISA Coordinator",
"timestamp": "2025-01-13T17:24:45.749950Z",
"version": "2.0.3"
},
"type": "ssvc"
}
}
],
"providerMetadata": {
"dateUpdated": "2025-01-13T17:25:25.072Z",
"orgId": "134c704f-9b21-4f2e-91b3-4a467353bcc0",
"shortName": "CISA-ADP"
},
"title": "CISA ADP Vulnrichment"
},
{
"providerMetadata": {
"dateUpdated": "2025-01-13T19:02:32.935Z",
"orgId": "af854a3a-2127-422b-91ae-364da2661108",
"shortName": "CVE"
},
"references": [
{
"url": "http://www.openwall.com/lists/oss-security/2025/01/13/1"
}
],
"title": "CVE Program Container"
}
],
"cna": {
"affected": [
{
"defaultStatus": "unaffected",
"product": "Apache CloudStack",
"vendor": "Apache Software Foundation",
"versions": [
{
"lessThanOrEqual": "*",
"status": "affected",
"version": "4.16.0",
"versionType": "semver"
}
]
}
],
"credits": [
{
"lang": "en",
"type": "reporter",
"value": "Alex Perrakis \u003calexperrakis1@gmail.com\u003e"
},
{
"lang": "en",
"type": "reporter",
"value": "Efstratios Chatzoglou \u003cefchatzoglou@gmail.com\u003e"
}
],
"descriptions": [
{
"lang": "en",
"supportingMedia": [
{
"base64": false,
"type": "text/html",
"value": "\u003cdiv\u003eCloudStack users can add and read comments (annotations) on resources they are authorised to access.\u0026nbsp;\u003c/div\u003e\u003cdiv\u003eDue to an access validation issue that affects Apache CloudStack versions from 4.16.0, users who have access, prior access or knowledge of resource UUIDs can list and add comments (annotations) to such resources.\u0026nbsp;\u003c/div\u003e\u003cdiv\u003eAn attacker with a user-account and access or prior knowledge of resource UUIDs may exploit this issue to read contents of the comments (annotations) or add malicious comments (annotations) to such resources.\u0026nbsp;\u003c/div\u003e\u003cdiv\u003eThis may cause potential loss of confidentiality of CloudStack environments and resources if the comments (annotations) contain any privileged information. However, guessing or brute-forcing resource UUIDs are generally hard to impossible and access to listing or adding comments isn\u0027t same as access to CloudStack resources, making this issue of very low severity and general low impact.\u003c/div\u003e\u003cbr\u003e\u003cdiv\u003eCloudStack admins may also disallow listAnnotations and addAnnotation API access to non-admin roles in their environment as an interim measure.\u003c/div\u003e\u003cbr\u003e"
}
],
"value": "CloudStack users can add and read comments (annotations) on resources they are authorised to access.\u00a0\n\nDue to an access validation issue that affects Apache CloudStack versions from 4.16.0, users who have access, prior access or knowledge of resource UUIDs can list and add comments (annotations) to such resources.\u00a0\n\nAn attacker with a user-account and access or prior knowledge of resource UUIDs may exploit this issue to read contents of the comments (annotations) or add malicious comments (annotations) to such resources.\u00a0\n\nThis may cause potential loss of confidentiality of CloudStack environments and resources if the comments (annotations) contain any privileged information. However, guessing or brute-forcing resource UUIDs are generally hard to impossible and access to listing or adding comments isn\u0027t same as access to CloudStack resources, making this issue of very low severity and general low impact.\n\n\nCloudStack admins may also disallow listAnnotations and addAnnotation API access to non-admin roles in their environment as an interim measure."
}
],
"metrics": [
{
"other": {
"content": {
"text": "Low"
},
"type": "Textual description of severity"
}
}
],
"problemTypes": [
{
"descriptions": [
{
"cweId": "CWE-200",
"description": "CWE-200 Exposure of Sensitive Information to an Unauthorized Actor",
"lang": "en",
"type": "CWE"
}
]
}
],
"providerMetadata": {
"dateUpdated": "2025-01-13T12:47:51.619Z",
"orgId": "f0158376-9dc2-43b6-827c-5f631a4d8d09",
"shortName": "apache"
},
"references": [
{
"tags": [
"vendor-advisory"
],
"url": "https://lists.apache.org/thread/bbsm9fdwrgfyostzojh6ghpocgdmx8rs"
}
],
"source": {
"discovery": "UNKNOWN"
},
"title": "Apache CloudStack: Unauthorised access to annotations",
"x_generator": {
"engine": "Vulnogram 0.2.0"
}
}
},
"cveMetadata": {
"assignerOrgId": "f0158376-9dc2-43b6-827c-5f631a4d8d09",
"assignerShortName": "apache",
"cveId": "CVE-2025-22828",
"datePublished": "2025-01-13T12:47:51.619Z",
"dateReserved": "2025-01-07T22:13:56.892Z",
"dateUpdated": "2025-01-13T19:02:32.935Z",
"state": "PUBLISHED"
},
"dataType": "CVE_RECORD",
"dataVersion": "5.1"
}
CVE-2024-41107 (GCVE-0-2024-41107)
Vulnerability from cvelistv5
Published
2024-07-19 10:19
Modified
2025-03-19 18:31
Severity ?
VLAI Severity ?
EPSS score ?
CWE
- CWE-290 - Authentication Bypass by Spoofing
Summary
The CloudStack SAML authentication (disabled by default) does not enforce signature check. In CloudStack environments where SAML authentication is enabled, an attacker that initiates CloudStack SAML single sign-on authentication can bypass SAML authentication by submitting a spoofed SAML response with no signature and known or guessed username and other user details of a SAML-enabled CloudStack user-account. In such environments, this can result in a complete compromise of the resources owned and/or accessible by a SAML enabled user-account.
Affected users are recommended to disable the SAML authentication plugin by setting the "saml2.enabled" global setting to "false", or upgrade to version 4.18.2.2, 4.19.1.0 or later, which addresses this issue.
References
Impacted products
| Vendor | Product | Version | ||
|---|---|---|---|---|
| Apache Software Foundation | Apache CloudStack |
Version: 4.5.0 ≤ 4.18.2.1 Version: 4.19.0.0 ≤ 4.19.0.2 |
{
"containers": {
"adp": [
{
"affected": [
{
"cpes": [
"cpe:2.3:a:apache_software_foundation:apache_cloudstack:*:*:*:*:*:*:*:*"
],
"defaultStatus": "unknown",
"product": "apache_cloudstack",
"vendor": "apache_software_foundation",
"versions": [
{
"lessThanOrEqual": "4.18.2.1",
"status": "affected",
"version": "4.5.0",
"versionType": "custom"
},
{
"lessThanOrEqual": "4.19.0.2",
"status": "affected",
"version": "4.19.0.0",
"versionType": "custom"
}
]
}
],
"metrics": [
{
"cvssV3_1": {
"attackComplexity": "HIGH",
"attackVector": "NETWORK",
"availabilityImpact": "HIGH",
"baseScore": 8.1,
"baseSeverity": "HIGH",
"confidentialityImpact": "HIGH",
"integrityImpact": "HIGH",
"privilegesRequired": "NONE",
"scope": "UNCHANGED",
"userInteraction": "NONE",
"vectorString": "CVSS:3.1/AV:N/AC:H/PR:N/UI:N/S:U/C:H/I:H/A:H",
"version": "3.1"
}
},
{
"other": {
"content": {
"id": "CVE-2024-41107",
"options": [
{
"Exploitation": "poc"
},
{
"Automatable": "no"
},
{
"Technical Impact": "total"
}
],
"role": "CISA Coordinator",
"timestamp": "2024-07-19T14:40:52.301987Z",
"version": "2.0.3"
},
"type": "ssvc"
}
}
],
"providerMetadata": {
"dateUpdated": "2025-03-19T18:31:21.603Z",
"orgId": "134c704f-9b21-4f2e-91b3-4a467353bcc0",
"shortName": "CISA-ADP"
},
"title": "CISA ADP Vulnrichment"
},
{
"providerMetadata": {
"dateUpdated": "2024-08-02T04:46:52.354Z",
"orgId": "af854a3a-2127-422b-91ae-364da2661108",
"shortName": "CVE"
},
"references": [
{
"tags": [
"mailing-list",
"x_transferred"
],
"url": "https://lists.apache.org/thread/5q06g8zvmhcw6w3tjr6r5prqdw6zckg3"
},
{
"tags": [
"vendor-advisory",
"x_transferred"
],
"url": "https://cloudstack.apache.org/blog/security-release-advisory-cve-2024-41107"
},
{
"tags": [
"issue-tracking",
"x_transferred"
],
"url": "https://github.com/apache/cloudstack/issues/4519"
},
{
"tags": [
"third-party-advisory",
"x_transferred"
],
"url": "https://www.shapeblue.com/shapeblue-security-advisory-apache-cloudstack-cve-2024-41107"
},
{
"tags": [
"x_transferred"
],
"url": "http://www.openwall.com/lists/oss-security/2024/07/19/1"
},
{
"tags": [
"x_transferred"
],
"url": "http://www.openwall.com/lists/oss-security/2024/07/19/2"
}
],
"title": "CVE Program Container"
}
],
"cna": {
"affected": [
{
"defaultStatus": "unaffected",
"product": "Apache CloudStack",
"vendor": "Apache Software Foundation",
"versions": [
{
"lessThanOrEqual": "4.18.2.1",
"status": "affected",
"version": "4.5.0",
"versionType": "semver"
},
{
"lessThanOrEqual": "4.19.0.2",
"status": "affected",
"version": "4.19.0.0",
"versionType": "semver"
}
]
}
],
"credits": [
{
"lang": "en",
"type": "finder",
"value": "Christian Gross of Netcloud AG"
},
{
"lang": "en",
"type": "finder",
"value": "Damon Smith of Apple Services Engineering Security"
},
{
"lang": "en",
"type": "finder",
"value": "Adam Pond of Apple Services Engineering Security"
},
{
"lang": "en",
"type": "finder",
"value": "Terry Thibault of Apple Services Engineering Security"
}
],
"descriptions": [
{
"lang": "en",
"supportingMedia": [
{
"base64": false,
"type": "text/html",
"value": "\u003cdiv\u003eThe CloudStack SAML authentication (disabled by default) does not enforce signature check. In CloudStack environments where SAML authentication is enabled, an attacker that initiates CloudStack SAML single sign-on authentication can bypass SAML authentication by submitting a spoofed SAML response with no signature and \u003cspan style=\"background-color: rgb(255, 255, 255);\"\u003eknown or guessed username and other user details of a SAML-enabled CloudStack user-account\u003c/span\u003e.\u0026nbsp;In such environments, this can result in a complete compromise of the resources owned and/or accessible by a SAML enabled user-account.\u003cbr\u003e\u003c/div\u003e\u003cdiv\u003e\u003cbr\u003e\u003cspan style=\"background-color: rgb(255, 255, 255);\"\u003eAffected users are recommended to disable the SAML authentication plugin by setting the\u0026nbsp;\"saml2.enabled\" global setting to \"false\", or upgrade to version 4.18.2.2, 4.19.1.0 or later, which addresses this issue.\u003c/span\u003e\u003c/div\u003e"
}
],
"value": "The CloudStack SAML authentication (disabled by default) does not enforce signature check. In CloudStack environments where SAML authentication is enabled, an attacker that initiates CloudStack SAML single sign-on authentication can bypass SAML authentication by submitting a spoofed SAML response with no signature and known or guessed username and other user details of a SAML-enabled CloudStack user-account.\u00a0In such environments, this can result in a complete compromise of the resources owned and/or accessible by a SAML enabled user-account.\n\nAffected users are recommended to disable the SAML authentication plugin by setting the\u00a0\"saml2.enabled\" global setting to \"false\", or upgrade to version 4.18.2.2, 4.19.1.0 or later, which addresses this issue."
}
],
"metrics": [
{
"other": {
"content": {
"text": "important"
},
"type": "Textual description of severity"
}
}
],
"problemTypes": [
{
"descriptions": [
{
"cweId": "CWE-290",
"description": "CWE-290 Authentication Bypass by Spoofing",
"lang": "en",
"type": "CWE"
}
]
}
],
"providerMetadata": {
"dateUpdated": "2024-07-19T10:20:06.990Z",
"orgId": "f0158376-9dc2-43b6-827c-5f631a4d8d09",
"shortName": "apache"
},
"references": [
{
"tags": [
"mailing-list"
],
"url": "https://lists.apache.org/thread/5q06g8zvmhcw6w3tjr6r5prqdw6zckg3"
},
{
"tags": [
"vendor-advisory"
],
"url": "https://cloudstack.apache.org/blog/security-release-advisory-cve-2024-41107"
},
{
"tags": [
"issue-tracking"
],
"url": "https://github.com/apache/cloudstack/issues/4519"
},
{
"tags": [
"third-party-advisory"
],
"url": "https://www.shapeblue.com/shapeblue-security-advisory-apache-cloudstack-cve-2024-41107"
},
{
"url": "http://www.openwall.com/lists/oss-security/2024/07/19/1"
},
{
"url": "http://www.openwall.com/lists/oss-security/2024/07/19/2"
}
],
"source": {
"discovery": "EXTERNAL"
},
"title": "Apache CloudStack: SAML Signature Exclusion",
"x_generator": {
"engine": "Vulnogram 0.1.0-dev"
}
}
},
"cveMetadata": {
"assignerOrgId": "f0158376-9dc2-43b6-827c-5f631a4d8d09",
"assignerShortName": "apache",
"cveId": "CVE-2024-41107",
"datePublished": "2024-07-19T10:19:53.995Z",
"dateReserved": "2024-07-12T22:43:29.015Z",
"dateUpdated": "2025-03-19T18:31:21.603Z",
"state": "PUBLISHED"
},
"dataType": "CVE_RECORD",
"dataVersion": "5.1"
}
CVE-2025-47713 (GCVE-0-2025-47713)
Vulnerability from cvelistv5
Published
2025-06-10 23:06
Modified
2025-06-14 03:56
Severity ?
VLAI Severity ?
EPSS score ?
CWE
- CWE-269 - Improper Privilege Management
Summary
A privilege escalation vulnerability exists in Apache CloudStack versions 4.10.0.0 through 4.20.0.0 where a malicious Domain Admin user in the ROOT domain can reset the password of user-accounts of Admin role type. This operation is not appropriately restricted and allows the attacker to assume control over higher-privileged user-accounts. A malicious Domain Admin attacker can impersonate an Admin user-account and gain access to sensitive APIs and resources that could result in the compromise of resource integrity and confidentiality, data loss, denial of service, and availability of infrastructure managed by CloudStack.
Users are recommended to upgrade to Apache CloudStack 4.19.3.0 or 4.20.1.0, which fixes the issue with the following:
* Strict validation on Role Type hierarchy: the caller's user-account role must be equal to or higher than the target user-account's role.
* API privilege comparison: the caller must possess all privileges of the user they are operating on.
* Two new domain-level settings (restricted to the default Admin):
- role.types.allowed.for.operations.on.accounts.of.same.role.type: Defines which role types are allowed to act on users of the same role type. Default: "Admin, DomainAdmin, ResourceAdmin".
- allow.operations.on.users.in.same.account: Allows/disallows user operations within the same account. Default: true.
References
Impacted products
| Vendor | Product | Version | ||
|---|---|---|---|---|
| Apache Software Foundation | Apache CloudStack |
Version: 4.10.0 ≤ Version: 4.20.0.0 ≤ |
{
"containers": {
"adp": [
{
"metrics": [
{
"cvssV3_1": {
"attackComplexity": "LOW",
"attackVector": "NETWORK",
"availabilityImpact": "HIGH",
"baseScore": 8.8,
"baseSeverity": "HIGH",
"confidentialityImpact": "HIGH",
"integrityImpact": "HIGH",
"privilegesRequired": "LOW",
"scope": "UNCHANGED",
"userInteraction": "NONE",
"vectorString": "CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H",
"version": "3.1"
}
},
{
"other": {
"content": {
"id": "CVE-2025-47713",
"options": [
{
"Exploitation": "none"
},
{
"Automatable": "no"
},
{
"Technical Impact": "total"
}
],
"role": "CISA Coordinator",
"timestamp": "2025-06-13T00:00:00+00:00",
"version": "2.0.3"
},
"type": "ssvc"
}
}
],
"providerMetadata": {
"dateUpdated": "2025-06-14T03:56:14.817Z",
"orgId": "134c704f-9b21-4f2e-91b3-4a467353bcc0",
"shortName": "CISA-ADP"
},
"title": "CISA ADP Vulnrichment"
}
],
"cna": {
"affected": [
{
"defaultStatus": "unaffected",
"product": "Apache CloudStack",
"vendor": "Apache Software Foundation",
"versions": [
{
"lessThan": "4.19.3.0",
"status": "affected",
"version": "4.10.0",
"versionType": "semver"
},
{
"lessThan": "4.20.1.0",
"status": "affected",
"version": "4.20.0.0",
"versionType": "semver"
}
]
}
],
"credits": [
{
"lang": "en",
"type": "finder",
"value": "Scott Schmitz \u003csschmitz@ussignal.com\u003e"
}
],
"descriptions": [
{
"lang": "en",
"supportingMedia": [
{
"base64": false,
"type": "text/html",
"value": "\u003cp\u003e\u003c/p\u003e\u003cdiv\u003e\u003cspan style=\"background-color: rgba(232, 232, 232, 0.04);\"\u003eA privilege escalation vulnerability exists in Apache CloudStack versions 4.10.0.0 through 4.20.0.0 where a malicious Domain Admin user in the ROOT domain can reset the password of user-accounts of Admin role type. This operation is not appropriately restricted and allows the attacker to assume control over higher-privileged user-accounts.\u0026nbsp;\u003c/span\u003e\u003cspan style=\"background-color: rgba(232, 232, 232, 0.04);\"\u003eA malicious Domain Admin attacker can impersonate an Admin user-account and gain access to sensitive APIs and resources that\u0026nbsp;\u003cspan style=\"background-color: rgb(255, 255, 255);\"\u003ecould result in the compromise of resource integrity and confidentiality, data loss, denial of service, and availability of infrastructure managed by CloudStack.\u003c/span\u003e\u003cbr\u003e\u003cbr\u003e\u003c/span\u003e\u003c/div\u003e\u003cdiv\u003e\u003cspan style=\"background-color: rgba(232, 232, 232, 0.04);\"\u003eUsers are recommended to upgrade to Apache CloudStack 4.19.3.0 or 4.20.1.0, which fixes the issue with the following:\u003cbr\u003e\u003c/span\u003e\u003cspan style=\"background-color: rgba(232, 232, 232, 0.04);\"\u003e\u003cdiv\u003e\u003cul\u003e\u003cli\u003e\u003cspan style=\"background-color: rgba(232, 232, 232, 0.04);\"\u003e\u003cspan style=\"background-color: rgba(232, 232, 232, 0.04);\"\u003eStrict validation on Role Type hierarchy: the caller\u0027s user-account role must be equal to or higher than the target user-account\u0027s role.\u003c/span\u003e\u003c/span\u003e\u003c/li\u003e\u003cli\u003e\u003cspan style=\"background-color: rgba(232, 232, 232, 0.04);\"\u003e\u003cspan style=\"background-color: rgba(232, 232, 232, 0.04);\"\u003eAPI privilege comparison: the caller must possess all privileges of the user they are operating on. \u003c/span\u003e\u003c/span\u003e\u003c/li\u003e\u003cli\u003e\u003cspan style=\"background-color: rgba(232, 232, 232, 0.04);\"\u003e\u003cspan style=\"background-color: rgba(232, 232, 232, 0.04);\"\u003eTwo new domain-level settings (restricted to the default Admin): \u003cbr\u003e\u2003- role.types.allowed.for.operations.on.accounts.of.same.role.type: Defines which role types are allowed to act on users of the same role type. Default: \"Admin, DomainAdmin, ResourceAdmin\". \u003cbr\u003e\u0026nbsp; \u0026nbsp;- allow.operations.on.users.in.same.account: Allows/disallows user operations within the same account. Default: true.\u003c/span\u003e\u003c/span\u003e\u003c/li\u003e\u003c/ul\u003e\u003c/div\u003e\u003c/span\u003e\u003c/div\u003e\u003cp\u003e\u003c/p\u003e"
}
],
"value": "A privilege escalation vulnerability exists in Apache CloudStack versions 4.10.0.0 through 4.20.0.0 where a malicious Domain Admin user in the ROOT domain can reset the password of user-accounts of Admin role type. This operation is not appropriately restricted and allows the attacker to assume control over higher-privileged user-accounts.\u00a0A malicious Domain Admin attacker can impersonate an Admin user-account and gain access to sensitive APIs and resources that\u00a0could result in the compromise of resource integrity and confidentiality, data loss, denial of service, and availability of infrastructure managed by CloudStack.\n\n\n\nUsers are recommended to upgrade to Apache CloudStack 4.19.3.0 or 4.20.1.0, which fixes the issue with the following:\n * Strict validation on Role Type hierarchy: the caller\u0027s user-account role must be equal to or higher than the target user-account\u0027s role.\n * API privilege comparison: the caller must possess all privileges of the user they are operating on. \n * Two new domain-level settings (restricted to the default Admin): \n\u2003- role.types.allowed.for.operations.on.accounts.of.same.role.type: Defines which role types are allowed to act on users of the same role type. Default: \"Admin, DomainAdmin, ResourceAdmin\". \n\u00a0 \u00a0- allow.operations.on.users.in.same.account: Allows/disallows user operations within the same account. Default: true."
}
],
"metrics": [
{
"other": {
"content": {
"text": "critical"
},
"type": "Textual description of severity"
}
}
],
"problemTypes": [
{
"descriptions": [
{
"cweId": "CWE-269",
"description": "CWE-269 Improper Privilege Management",
"lang": "en",
"type": "CWE"
}
]
}
],
"providerMetadata": {
"dateUpdated": "2025-06-10T23:06:45.585Z",
"orgId": "f0158376-9dc2-43b6-827c-5f631a4d8d09",
"shortName": "apache"
},
"references": [
{
"tags": [
"vendor-advisory"
],
"url": "https://cloudstack.apache.org/blog/cve-advisories-4.19.3.0-4.20.1.0/"
},
{
"tags": [
"third-party-advisory"
],
"url": "https://www.shapeblue.com/shapeblue-security-advisory-apache-cloudstack-security-releases-4-19-3-0-and-4-20-1-0/"
},
{
"tags": [
"mailing-list"
],
"url": "https://lists.apache.org/thread/y3qnwn59t8qggtdohv7k7vw39bgb3d60"
}
],
"source": {
"discovery": "UNKNOWN"
},
"title": "Apache CloudStack: Domain Admin can reset Admin password in Root Domain",
"x_generator": {
"engine": "Vulnogram 0.2.0"
}
}
},
"cveMetadata": {
"assignerOrgId": "f0158376-9dc2-43b6-827c-5f631a4d8d09",
"assignerShortName": "apache",
"cveId": "CVE-2025-47713",
"datePublished": "2025-06-10T23:06:45.585Z",
"dateReserved": "2025-05-07T22:41:41.858Z",
"dateUpdated": "2025-06-14T03:56:14.817Z",
"state": "PUBLISHED"
},
"dataType": "CVE_RECORD",
"dataVersion": "5.1"
}
CVE-2024-45462 (GCVE-0-2024-45462)
Vulnerability from cvelistv5
Published
2024-10-16 07:53
Modified
2024-10-16 14:54
Severity ?
VLAI Severity ?
EPSS score ?
CWE
- CWE-613 - Insufficient Session Expiration
Summary
The logout operation in the CloudStack web interface does not expire the user session completely which is valid until expiry by time or restart of the backend service. An attacker that has access to a user's browser can use an unexpired session to gain access to resources owned by the logged out user account. This issue affects Apache CloudStack from 4.15.1.0 through 4.18.2.3; and from 4.19.0.0 through 4.19.1.1.
Users are recommended to upgrade to Apache CloudStack 4.18.2.4 or 4.19.1.2, or later, which addresses this issue.
References
| ▼ | URL | Tags |
|---|---|---|
| https://cloudstack.apache.org/blog/security-release-advisory-4.18.2.4-4.19.1.2 | vendor-advisory, patch | |
| https://lists.apache.org/thread/ktsfjcnj22x4kg49ctock3d9tq7jnvlo | mailing-list | |
| https://cloudstack.apache.org/blog/security-release-advisory-4.18.2.4-4.19.1.2 | third-party-advisory |
Impacted products
| Vendor | Product | Version | ||
|---|---|---|---|---|
| Apache Software Foundation | Apache CloudStack |
Version: 4.15.1.0 ≤ 4.18.2.3 Version: 4.19.0.0 ≤ 4.19.1.1 |
{
"containers": {
"adp": [
{
"providerMetadata": {
"dateUpdated": "2024-10-16T08:03:42.134Z",
"orgId": "af854a3a-2127-422b-91ae-364da2661108",
"shortName": "CVE"
},
"references": [
{
"url": "http://www.openwall.com/lists/oss-security/2024/10/15/4"
}
],
"title": "CVE Program Container"
},
{
"affected": [
{
"cpes": [
"cpe:2.3:a:apache_software_foundation:apache_cloudstack:*:*:*:*:*:*:*:*"
],
"defaultStatus": "unknown",
"product": "apache_cloudstack",
"vendor": "apache_software_foundation",
"versions": [
{
"lessThanOrEqual": "4.18.2.3",
"status": "affected",
"version": "4.15.1.0",
"versionType": "semver"
},
{
"lessThanOrEqual": "4.19.1.1",
"status": "affected",
"version": "4.19.0.0",
"versionType": "semver"
}
]
}
],
"metrics": [
{
"other": {
"content": {
"id": "CVE-2024-45462",
"options": [
{
"Exploitation": "none"
},
{
"Automatable": "no"
},
{
"Technical Impact": "total"
}
],
"role": "CISA Coordinator",
"timestamp": "2024-10-16T14:51:40.647741Z",
"version": "2.0.3"
},
"type": "ssvc"
}
}
],
"providerMetadata": {
"dateUpdated": "2024-10-16T14:54:34.977Z",
"orgId": "134c704f-9b21-4f2e-91b3-4a467353bcc0",
"shortName": "CISA-ADP"
},
"title": "CISA ADP Vulnrichment"
}
],
"cna": {
"affected": [
{
"defaultStatus": "unaffected",
"product": "Apache CloudStack",
"vendor": "Apache Software Foundation",
"versions": [
{
"lessThanOrEqual": "4.18.2.3",
"status": "affected",
"version": "4.15.1.0",
"versionType": "semver"
},
{
"lessThanOrEqual": "4.19.1.1",
"status": "affected",
"version": "4.19.0.0",
"versionType": "semver"
}
]
}
],
"credits": [
{
"lang": "en",
"type": "reporter",
"value": "Arthur Souza"
},
{
"lang": "en",
"type": "reporter",
"value": "Felipe Olivaes"
}
],
"descriptions": [
{
"lang": "en",
"supportingMedia": [
{
"base64": false,
"type": "text/html",
"value": "\u003cdiv\u003eThe logout operation in the CloudStack web interface does not expire the user session completely which is valid until expiry by time or restart of the backend service. An attacker that has access to a user\u0027s browser can use an unexpired session to gain access to resources owned by the logged out user account. This issue affects Apache CloudStack from 4.15.1.0 through 4.18.2.3; and from 4.19.0.0 through 4.19.1.1.\u003c/div\u003e\u003cdiv\u003e\u003cbr\u003e\u003c/div\u003e\u003cdiv\u003e\u003cspan style=\"background-color: rgb(252, 252, 252);\"\u003eUsers are recommended to upgrade to Apache CloudStack 4.18.2.4 or 4.19.1.2, or later, which addresses this issue.\u003c/span\u003e\u003c/div\u003e"
}
],
"value": "The logout operation in the CloudStack web interface does not expire the user session completely which is valid until expiry by time or restart of the backend service. An attacker that has access to a user\u0027s browser can use an unexpired session to gain access to resources owned by the logged out user account. This issue affects Apache CloudStack from 4.15.1.0 through 4.18.2.3; and from 4.19.0.0 through 4.19.1.1.\n\n\n\n\nUsers are recommended to upgrade to Apache CloudStack 4.18.2.4 or 4.19.1.2, or later, which addresses this issue."
}
],
"metrics": [
{
"other": {
"content": {
"text": "moderate"
},
"type": "Textual description of severity"
}
},
{
"cvssV3_1": {
"attackComplexity": "HIGH",
"attackVector": "LOCAL",
"availabilityImpact": "NONE",
"baseScore": 6.3,
"baseSeverity": "MEDIUM",
"confidentialityImpact": "HIGH",
"integrityImpact": "HIGH",
"privilegesRequired": "NONE",
"scope": "UNCHANGED",
"userInteraction": "REQUIRED",
"vectorString": "CVSS:3.1/AV:L/AC:H/PR:N/UI:R/S:U/C:H/I:H/A:N",
"version": "3.1"
},
"format": "CVSS",
"scenarios": [
{
"lang": "en",
"value": "GENERAL"
}
]
}
],
"problemTypes": [
{
"descriptions": [
{
"cweId": "CWE-613",
"description": "CWE-613 Insufficient Session Expiration",
"lang": "en",
"type": "CWE"
}
]
}
],
"providerMetadata": {
"dateUpdated": "2024-10-16T07:53:40.129Z",
"orgId": "f0158376-9dc2-43b6-827c-5f631a4d8d09",
"shortName": "apache"
},
"references": [
{
"tags": [
"vendor-advisory",
"patch"
],
"url": "https://cloudstack.apache.org/blog/security-release-advisory-4.18.2.4-4.19.1.2"
},
{
"tags": [
"mailing-list"
],
"url": "https://lists.apache.org/thread/ktsfjcnj22x4kg49ctock3d9tq7jnvlo"
},
{
"tags": [
"third-party-advisory"
],
"url": "https://cloudstack.apache.org/blog/security-release-advisory-4.18.2.4-4.19.1.2"
}
],
"source": {
"discovery": "UNKNOWN"
},
"title": "Apache CloudStack: Incomplete session invalidation on web interface logout",
"x_generator": {
"engine": "Vulnogram 0.1.0-dev"
}
}
},
"cveMetadata": {
"assignerOrgId": "f0158376-9dc2-43b6-827c-5f631a4d8d09",
"assignerShortName": "apache",
"cveId": "CVE-2024-45462",
"datePublished": "2024-10-16T07:53:40.129Z",
"dateReserved": "2024-08-29T08:57:32.948Z",
"dateUpdated": "2024-10-16T14:54:34.977Z",
"state": "PUBLISHED"
},
"dataType": "CVE_RECORD",
"dataVersion": "5.1"
}
CVE-2015-3252 (GCVE-0-2015-3252)
Vulnerability from cvelistv5
Published
2016-02-08 19:00
Modified
2024-08-06 05:39
Severity ?
VLAI Severity ?
EPSS score ?
CWE
- n/a
Summary
Apache CloudStack before 4.5.2 does not properly preserve VNC passwords when migrating KVM virtual machines, which allows remote attackers to gain access by connecting to the VNC server.
References
| ▼ | URL | Tags |
|---|---|---|
| https://blogs.apache.org/cloudstack/entry/two_late_announced_security_advisories | x_refsource_CONFIRM | |
| http://www.securityfocus.com/archive/1/537459/100/0/threaded | mailing-list, x_refsource_BUGTRAQ | |
| http://mail-archives.apache.org/mod_mbox/cloudstack-users/201602.mbox/%3C7508580E-3D83-49FD-BE6E-B329B0503130%40gmail.com%3E | mailing-list, x_refsource_MLIST |
{
"containers": {
"adp": [
{
"providerMetadata": {
"dateUpdated": "2024-08-06T05:39:32.103Z",
"orgId": "af854a3a-2127-422b-91ae-364da2661108",
"shortName": "CVE"
},
"references": [
{
"tags": [
"x_refsource_CONFIRM",
"x_transferred"
],
"url": "https://blogs.apache.org/cloudstack/entry/two_late_announced_security_advisories"
},
{
"name": "20160205 CVE-2015-3252: Apache CloudStack VNC authentication issue",
"tags": [
"mailing-list",
"x_refsource_BUGTRAQ",
"x_transferred"
],
"url": "http://www.securityfocus.com/archive/1/537459/100/0/threaded"
},
{
"name": "[cloudstack-users] 20160205 CVE-2015-3252: Apache CloudStack VNC authentication issue",
"tags": [
"mailing-list",
"x_refsource_MLIST",
"x_transferred"
],
"url": "http://mail-archives.apache.org/mod_mbox/cloudstack-users/201602.mbox/%3C7508580E-3D83-49FD-BE6E-B329B0503130%40gmail.com%3E"
}
],
"title": "CVE Program Container"
}
],
"cna": {
"affected": [
{
"product": "n/a",
"vendor": "n/a",
"versions": [
{
"status": "affected",
"version": "n/a"
}
]
}
],
"datePublic": "2016-02-05T00:00:00",
"descriptions": [
{
"lang": "en",
"value": "Apache CloudStack before 4.5.2 does not properly preserve VNC passwords when migrating KVM virtual machines, which allows remote attackers to gain access by connecting to the VNC server."
}
],
"problemTypes": [
{
"descriptions": [
{
"description": "n/a",
"lang": "en",
"type": "text"
}
]
}
],
"providerMetadata": {
"dateUpdated": "2018-10-09T18:57:01",
"orgId": "53f830b8-0a3f-465b-8143-3b8a9948e749",
"shortName": "redhat"
},
"references": [
{
"tags": [
"x_refsource_CONFIRM"
],
"url": "https://blogs.apache.org/cloudstack/entry/two_late_announced_security_advisories"
},
{
"name": "20160205 CVE-2015-3252: Apache CloudStack VNC authentication issue",
"tags": [
"mailing-list",
"x_refsource_BUGTRAQ"
],
"url": "http://www.securityfocus.com/archive/1/537459/100/0/threaded"
},
{
"name": "[cloudstack-users] 20160205 CVE-2015-3252: Apache CloudStack VNC authentication issue",
"tags": [
"mailing-list",
"x_refsource_MLIST"
],
"url": "http://mail-archives.apache.org/mod_mbox/cloudstack-users/201602.mbox/%3C7508580E-3D83-49FD-BE6E-B329B0503130%40gmail.com%3E"
}
],
"x_legacyV4Record": {
"CVE_data_meta": {
"ASSIGNER": "secalert@redhat.com",
"ID": "CVE-2015-3252",
"STATE": "PUBLIC"
},
"affects": {
"vendor": {
"vendor_data": [
{
"product": {
"product_data": [
{
"product_name": "n/a",
"version": {
"version_data": [
{
"version_value": "n/a"
}
]
}
}
]
},
"vendor_name": "n/a"
}
]
}
},
"data_format": "MITRE",
"data_type": "CVE",
"data_version": "4.0",
"description": {
"description_data": [
{
"lang": "eng",
"value": "Apache CloudStack before 4.5.2 does not properly preserve VNC passwords when migrating KVM virtual machines, which allows remote attackers to gain access by connecting to the VNC server."
}
]
},
"problemtype": {
"problemtype_data": [
{
"description": [
{
"lang": "eng",
"value": "n/a"
}
]
}
]
},
"references": {
"reference_data": [
{
"name": "https://blogs.apache.org/cloudstack/entry/two_late_announced_security_advisories",
"refsource": "CONFIRM",
"url": "https://blogs.apache.org/cloudstack/entry/two_late_announced_security_advisories"
},
{
"name": "20160205 CVE-2015-3252: Apache CloudStack VNC authentication issue",
"refsource": "BUGTRAQ",
"url": "http://www.securityfocus.com/archive/1/537459/100/0/threaded"
},
{
"name": "[cloudstack-users] 20160205 CVE-2015-3252: Apache CloudStack VNC authentication issue",
"refsource": "MLIST",
"url": "http://mail-archives.apache.org/mod_mbox/cloudstack-users/201602.mbox/%3C7508580E-3D83-49FD-BE6E-B329B0503130%40gmail.com%3E"
}
]
}
}
}
},
"cveMetadata": {
"assignerOrgId": "53f830b8-0a3f-465b-8143-3b8a9948e749",
"assignerShortName": "redhat",
"cveId": "CVE-2015-3252",
"datePublished": "2016-02-08T19:00:00",
"dateReserved": "2015-04-10T00:00:00",
"dateUpdated": "2024-08-06T05:39:32.103Z",
"state": "PUBLISHED"
},
"dataType": "CVE_RECORD",
"dataVersion": "5.1"
}
CVE-2025-22829 (GCVE-0-2025-22829)
Vulnerability from cvelistv5
Published
2025-06-10 23:11
Modified
2025-06-11 13:53
Severity ?
VLAI Severity ?
EPSS score ?
CWE
- CWE-269 - Improper Privilege Management
Summary
The CloudStack Quota plugin has an improper privilege management logic in version 4.20.0.0. Anyone with authenticated user-account access in CloudStack 4.20.0.0 environments, where this plugin is enabled and have access to specific APIs can enable or disable reception of quota-related emails for any account in the environment and list their configurations.
Quota plugin users using CloudStack 4.20.0.0 are recommended to upgrade to CloudStack version 4.20.1.0, which fixes this issue.
References
Impacted products
| Vendor | Product | Version | ||
|---|---|---|---|---|
| Apache Software Foundation | Apache CloudStack |
Version: 4.20.0.0 ≤ |
{
"containers": {
"adp": [
{
"metrics": [
{
"other": {
"content": {
"id": "CVE-2025-22829",
"options": [
{
"Exploitation": "none"
},
{
"Automatable": "yes"
},
{
"Technical Impact": "total"
}
],
"role": "CISA Coordinator",
"timestamp": "2025-06-11T13:53:33.346984Z",
"version": "2.0.3"
},
"type": "ssvc"
}
}
],
"providerMetadata": {
"dateUpdated": "2025-06-11T13:53:45.517Z",
"orgId": "134c704f-9b21-4f2e-91b3-4a467353bcc0",
"shortName": "CISA-ADP"
},
"title": "CISA ADP Vulnrichment"
}
],
"cna": {
"affected": [
{
"defaultStatus": "unaffected",
"product": "Apache CloudStack",
"vendor": "Apache Software Foundation",
"versions": [
{
"lessThan": "4.20.1.0",
"status": "affected",
"version": "4.20.0.0",
"versionType": "semver"
}
]
}
],
"credits": [
{
"lang": "en",
"type": "finder",
"value": "Fabricio Duarte \u003cfabricio.duarte.jr@gmail.com\u003e"
}
],
"descriptions": [
{
"lang": "en",
"supportingMedia": [
{
"base64": false,
"type": "text/html",
"value": "The CloudStack Quota plugin has an improper privilege management logic in version 4.20.0.0. Anyone with authenticated user-account access in CloudStack 4.20.0.0 environments, where this plugin is enabled and have access to specific APIs can enable or disable reception of quota-related emails for any account in the environment and list their configurations.\u003cbr\u003e\u003cbr\u003eQuota plugin users using CloudStack 4.20.0.0 are recommended to upgrade to CloudStack version 4.20.1.0, which fixes this issue."
}
],
"value": "The CloudStack Quota plugin has an improper privilege management logic in version 4.20.0.0. Anyone with authenticated user-account access in CloudStack 4.20.0.0 environments, where this plugin is enabled and have access to specific APIs can enable or disable reception of quota-related emails for any account in the environment and list their configurations.\n\nQuota plugin users using CloudStack 4.20.0.0 are recommended to upgrade to CloudStack version 4.20.1.0, which fixes this issue."
}
],
"metrics": [
{
"cvssV4_0": {
"Automatable": "NO",
"Recovery": "USER",
"Safety": "NEGLIGIBLE",
"attackComplexity": "LOW",
"attackRequirements": "PRESENT",
"attackVector": "NETWORK",
"baseScore": 2.3,
"baseSeverity": "LOW",
"privilegesRequired": "LOW",
"providerUrgency": "AMBER",
"subAvailabilityImpact": "NONE",
"subConfidentialityImpact": "NONE",
"subIntegrityImpact": "NONE",
"userInteraction": "NONE",
"valueDensity": "DIFFUSE",
"vectorString": "CVSS:4.0/AV:N/AC:L/AT:P/PR:L/UI:N/VC:N/VI:L/VA:L/SC:N/SI:N/SA:N/S:N/AU:N/R:U/V:D/RE:L/U:Amber",
"version": "4.0",
"vulnAvailabilityImpact": "LOW",
"vulnConfidentialityImpact": "NONE",
"vulnIntegrityImpact": "LOW",
"vulnerabilityResponseEffort": "LOW"
},
"format": "CVSS",
"scenarios": [
{
"lang": "en",
"value": "GENERAL"
}
]
}
],
"problemTypes": [
{
"descriptions": [
{
"cweId": "CWE-269",
"description": "CWE-269: Improper Privilege Management",
"lang": "en",
"type": "CWE"
}
]
}
],
"providerMetadata": {
"dateUpdated": "2025-06-10T23:22:01.081Z",
"orgId": "f0158376-9dc2-43b6-827c-5f631a4d8d09",
"shortName": "apache"
},
"references": [
{
"tags": [
"vendor-advisory"
],
"url": "https://cloudstack.staged.apache.org/blog/cve-advisories-4.19.3.0-4.20.1.0"
},
{
"tags": [
"third-party-advisory"
],
"url": "https://www.shapeblue.com/shapeblue-security-advisory-apache-cloudstack-security-releases-4-19-3-0-and-4-20-1-0/"
},
{
"tags": [
"mailing-list"
],
"url": "https://lists.apache.org/thread/y3qnwn59t8qggtdohv7k7vw39bgb3d60"
}
],
"source": {
"discovery": "UNKNOWN"
},
"title": "Apache CloudStack: Unauthorised access to dedicated resources in Quota plugin",
"x_generator": {
"engine": "Vulnogram 0.2.0"
}
}
},
"cveMetadata": {
"assignerOrgId": "f0158376-9dc2-43b6-827c-5f631a4d8d09",
"assignerShortName": "apache",
"cveId": "CVE-2025-22829",
"datePublished": "2025-06-10T23:11:24.828Z",
"dateReserved": "2025-01-07T23:23:17.658Z",
"dateUpdated": "2025-06-11T13:53:45.517Z",
"state": "PUBLISHED"
},
"dataType": "CVE_RECORD",
"dataVersion": "5.1"
}
CVE-2024-29007 (GCVE-0-2024-29007)
Vulnerability from cvelistv5
Published
2024-04-04 07:49
Modified
2024-11-12 18:07
Severity ?
VLAI Severity ?
EPSS score ?
CWE
- CWE-918 - Server-Side Request Forgery (SSRF)
Summary
The CloudStack management server and secondary storage VM could be tricked into making requests to restricted or random resources by means of following 301 HTTP redirects presented by external servers when downloading templates or ISOs. Users are recommended to upgrade to version 4.18.1.1 or 4.19.0.1, which fixes this issue.
References
| ▼ | URL | Tags |
|---|---|---|
| https://lists.apache.org/thread/82f46pv7mvh95ybto5hn8wlo6g8jhjvp | vendor-advisory |
Impacted products
| Vendor | Product | Version | ||
|---|---|---|---|---|
| Apache Software Foundation | Apache CloudStack |
Version: 4.9.1.0 ≤ 4.18.1.0 Version: 4.19.0.0 |
{
"containers": {
"adp": [
{
"affected": [
{
"cpes": [
"cpe:2.3:a:apache:cloudstack:*:*:*:*:*:*:*:*"
],
"defaultStatus": "unknown",
"product": "cloudstack",
"vendor": "apache",
"versions": [
{
"lessThanOrEqual": "4.18.1.0",
"status": "affected",
"version": "4.9.1.0",
"versionType": "custom"
},
{
"status": "affected",
"version": "4.19.0.0"
}
]
}
],
"metrics": [
{
"cvssV3_1": {
"attackComplexity": "LOW",
"attackVector": "NETWORK",
"availabilityImpact": "LOW",
"baseScore": 7.3,
"baseSeverity": "HIGH",
"confidentialityImpact": "LOW",
"integrityImpact": "LOW",
"privilegesRequired": "NONE",
"scope": "UNCHANGED",
"userInteraction": "NONE",
"vectorString": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:L/I:L/A:L",
"version": "3.1"
}
},
{
"other": {
"content": {
"id": "CVE-2024-29007",
"options": [
{
"Exploitation": "none"
},
{
"Automatable": "yes"
},
{
"Technical Impact": "partial"
}
],
"role": "CISA Coordinator",
"timestamp": "2024-11-12T18:07:51.461959Z",
"version": "2.0.3"
},
"type": "ssvc"
}
}
],
"providerMetadata": {
"dateUpdated": "2024-11-12T18:07:54.494Z",
"orgId": "134c704f-9b21-4f2e-91b3-4a467353bcc0",
"shortName": "CISA-ADP"
},
"title": "CISA ADP Vulnrichment"
},
{
"providerMetadata": {
"dateUpdated": "2024-08-02T01:03:51.463Z",
"orgId": "af854a3a-2127-422b-91ae-364da2661108",
"shortName": "CVE"
},
"references": [
{
"tags": [
"vendor-advisory",
"x_transferred"
],
"url": "https://lists.apache.org/thread/82f46pv7mvh95ybto5hn8wlo6g8jhjvp"
}
],
"title": "CVE Program Container"
}
],
"cna": {
"affected": [
{
"defaultStatus": "unaffected",
"product": "Apache CloudStack",
"vendor": "Apache Software Foundation",
"versions": [
{
"lessThanOrEqual": "4.18.1.0",
"status": "affected",
"version": "4.9.1.0",
"versionType": "semver"
},
{
"status": "affected",
"version": "4.19.0.0"
}
]
}
],
"credits": [
{
"lang": "en",
"type": "finder",
"value": "Yuyang Xiao \u003csuperxyyang@gmail.com\u003e"
}
],
"descriptions": [
{
"lang": "en",
"supportingMedia": [
{
"base64": false,
"type": "text/html",
"value": "\u003cdiv\u003eThe CloudStack management server and secondary storage VM could be tricked into making requests to restricted or random resources by means of following 301 HTTP redirects presented by external servers when downloading templates or ISOs. Users are recommended to upgrade to version 4.18.1.1 or 4.19.0.1, which fixes this issue.\u003c/div\u003e"
}
],
"value": "The CloudStack management server and secondary storage VM could be tricked into making requests to restricted or random resources by means of following 301 HTTP redirects presented by external servers when downloading templates or ISOs. Users are recommended to upgrade to version 4.18.1.1 or 4.19.0.1, which fixes this issue.\n\n"
}
],
"metrics": [
{
"other": {
"content": {
"text": "moderate"
},
"type": "Textual description of severity"
}
}
],
"problemTypes": [
{
"descriptions": [
{
"cweId": "CWE-918",
"description": "CWE-918 Server-Side Request Forgery (SSRF)",
"lang": "en",
"type": "CWE"
}
]
}
],
"providerMetadata": {
"dateUpdated": "2024-04-04T07:49:57.831Z",
"orgId": "f0158376-9dc2-43b6-827c-5f631a4d8d09",
"shortName": "apache"
},
"references": [
{
"tags": [
"vendor-advisory"
],
"url": "https://lists.apache.org/thread/82f46pv7mvh95ybto5hn8wlo6g8jhjvp"
}
],
"source": {
"discovery": "EXTERNAL"
},
"title": "Apache CloudStack: When downloading templates or ISOs, the management server and SSVM follow HTTP redirects with potentially dangerous consequences",
"x_generator": {
"engine": "Vulnogram 0.1.0-dev"
}
}
},
"cveMetadata": {
"assignerOrgId": "f0158376-9dc2-43b6-827c-5f631a4d8d09",
"assignerShortName": "apache",
"cveId": "CVE-2024-29007",
"datePublished": "2024-04-04T07:49:57.831Z",
"dateReserved": "2024-03-13T22:58:54.736Z",
"dateUpdated": "2024-11-12T18:07:54.494Z",
"state": "PUBLISHED"
},
"dataType": "CVE_RECORD",
"dataVersion": "5.1"
}
CVE-2024-42062 (GCVE-0-2024-42062)
Vulnerability from cvelistv5
Published
2024-08-07 07:17
Modified
2024-09-03 19:58
Severity ?
VLAI Severity ?
EPSS score ?
CWE
- CWE-863 - Incorrect Authorization
Summary
CloudStack account-users by default use username and password based authentication for API and UI access. Account-users can generate and register randomised API and secret keys and use them for the purpose of API-based automation and integrations. Due to an access permission validation issue that affects Apache CloudStack versions 4.10.0 up to 4.19.1.0, domain admin accounts were found to be able to query all registered account-users API and secret keys in an environment, including that of a root admin. An attacker who has domain admin access can exploit this to gain root admin and other-account privileges and perform malicious operations that can result in compromise of resources integrity and confidentiality, data loss, denial of service and availability of CloudStack managed infrastructure.
Users are recommended to upgrade to Apache CloudStack 4.18.2.3 or 4.19.1.1, or later, which addresses this issue. Additionally, all account-user API and secret keys should be regenerated.
References
| ▼ | URL | Tags |
|---|---|---|
| https://cloudstack.apache.org/blog/security-release-advisory-4.19.1.1-4.18.2.3 | vendor-advisory, patch | |
| https://lists.apache.org/thread/lxqtfd6407prbw3801hb4fz3ot3t8wlj | mailing-list | |
| https://www.shapeblue.com/shapeblue-security-advisory-apache-cloudstack-security-releases-4-18-2-3-and-4-19-1-1/ | third-party-advisory |
Impacted products
| Vendor | Product | Version | ||
|---|---|---|---|---|
| Apache Software Foundation | Apache CloudStack |
Version: 4.10.0 ≤ 4.18.2.2 Version: 4.19.0.0 ≤ 4.19.1.0 |
{
"containers": {
"adp": [
{
"providerMetadata": {
"dateUpdated": "2024-08-07T08:03:17.884Z",
"orgId": "af854a3a-2127-422b-91ae-364da2661108",
"shortName": "CVE"
},
"references": [
{
"url": "http://www.openwall.com/lists/oss-security/2024/08/06/5"
}
],
"title": "CVE Program Container"
},
{
"affected": [
{
"cpes": [
"cpe:2.3:a:apache:cloudstack:*:*:*:*:*:*:*:*"
],
"defaultStatus": "unaffected",
"product": "cloudstack",
"vendor": "apache",
"versions": [
{
"lessThanOrEqual": "4.19.1.0",
"status": "affected",
"version": "4.19.0.0",
"versionType": "semver"
},
{
"lessThanOrEqual": "4.18.2.2",
"status": "affected",
"version": "4.10.0.0",
"versionType": "semver"
}
]
}
],
"metrics": [
{
"cvssV3_1": {
"attackComplexity": "LOW",
"attackVector": "NETWORK",
"availabilityImpact": "HIGH",
"baseScore": 7.2,
"baseSeverity": "HIGH",
"confidentialityImpact": "HIGH",
"integrityImpact": "HIGH",
"privilegesRequired": "HIGH",
"scope": "UNCHANGED",
"userInteraction": "NONE",
"vectorString": "CVSS:3.1/AV:N/AC:L/PR:H/UI:N/S:U/C:H/I:H/A:H",
"version": "3.1"
}
},
{
"other": {
"content": {
"id": "CVE-2024-42062",
"options": [
{
"Exploitation": "none"
},
{
"Automatable": "no"
},
{
"Technical Impact": "total"
}
],
"role": "CISA Coordinator",
"timestamp": "2024-08-07T18:16:06.919266Z",
"version": "2.0.3"
},
"type": "ssvc"
}
}
],
"providerMetadata": {
"dateUpdated": "2024-09-03T19:58:27.161Z",
"orgId": "134c704f-9b21-4f2e-91b3-4a467353bcc0",
"shortName": "CISA-ADP"
},
"title": "CISA ADP Vulnrichment"
}
],
"cna": {
"affected": [
{
"defaultStatus": "unaffected",
"product": "Apache CloudStack",
"vendor": "Apache Software Foundation",
"versions": [
{
"lessThanOrEqual": "4.18.2.2",
"status": "affected",
"version": "4.10.0",
"versionType": "semver"
},
{
"lessThanOrEqual": "4.19.1.0",
"status": "affected",
"version": "4.19.0.0",
"versionType": "semver"
}
]
}
],
"credits": [
{
"lang": "en",
"type": "finder",
"value": "Fabricio Duarte"
}
],
"descriptions": [
{
"lang": "en",
"supportingMedia": [
{
"base64": false,
"type": "text/html",
"value": "CloudStack account-users by default use username and password based authentication for API and UI access. Account-users can\u003cspan style=\"background-color: rgb(255, 255, 255);\"\u003e\u0026nbsp;generate and register randomised API and secret keys and use them for the purpose of API-based automation and integrations.\u0026nbsp;\u003c/span\u003e\u003cspan style=\"background-color: rgb(255, 255, 255);\"\u003eDue to an access permission validation issue that affects Apache CloudStack versions 4.10.0 up to 4.19.1.0, domain admin accounts were found to be able to query all registered account-users API and secret keys in an environment, including that of a root admin.\u0026nbsp;\u003c/span\u003eAn attacker who has domain admin access can exploit this to gain root admin and other-account privileges and perform malicious operations that can result in compromise of resources integrity and confidentiality, data loss,\u0026nbsp;\u003cspan style=\"background-color: rgb(255, 255, 255);\"\u003edenial of service\u003c/span\u003e\u0026nbsp;and availability of CloudStack managed infrastructure.\u003cbr\u003e\u003cbr\u003eUsers are recommended to upgrade to Apache CloudStack 4.18.2.3 or 4.19.1.1, or later, which addresses this issue.\u0026nbsp;Additionally, all account-user API and secret keys should be regenerated.\u003cbr\u003e"
}
],
"value": "CloudStack account-users by default use username and password based authentication for API and UI access. Account-users can\u00a0generate and register randomised API and secret keys and use them for the purpose of API-based automation and integrations.\u00a0Due to an access permission validation issue that affects Apache CloudStack versions 4.10.0 up to 4.19.1.0, domain admin accounts were found to be able to query all registered account-users API and secret keys in an environment, including that of a root admin.\u00a0An attacker who has domain admin access can exploit this to gain root admin and other-account privileges and perform malicious operations that can result in compromise of resources integrity and confidentiality, data loss,\u00a0denial of service\u00a0and availability of CloudStack managed infrastructure.\n\nUsers are recommended to upgrade to Apache CloudStack 4.18.2.3 or 4.19.1.1, or later, which addresses this issue.\u00a0Additionally, all account-user API and secret keys should be regenerated."
}
],
"metrics": [
{
"other": {
"content": {
"text": "critical"
},
"type": "Textual description of severity"
}
}
],
"problemTypes": [
{
"descriptions": [
{
"cweId": "CWE-863",
"description": "CWE-863 Incorrect Authorization",
"lang": "en",
"type": "CWE"
}
]
}
],
"providerMetadata": {
"dateUpdated": "2024-08-19T13:44:08.239Z",
"orgId": "f0158376-9dc2-43b6-827c-5f631a4d8d09",
"shortName": "apache"
},
"references": [
{
"tags": [
"vendor-advisory",
"patch"
],
"url": "https://cloudstack.apache.org/blog/security-release-advisory-4.19.1.1-4.18.2.3"
},
{
"tags": [
"mailing-list"
],
"url": "https://lists.apache.org/thread/lxqtfd6407prbw3801hb4fz3ot3t8wlj"
},
{
"tags": [
"third-party-advisory"
],
"url": "https://www.shapeblue.com/shapeblue-security-advisory-apache-cloudstack-security-releases-4-18-2-3-and-4-19-1-1/"
}
],
"source": {
"discovery": "UNKNOWN"
},
"title": "Apache CloudStack: User Key Exposure to Domain Admins",
"x_generator": {
"engine": "Vulnogram 0.1.0-dev"
}
}
},
"cveMetadata": {
"assignerOrgId": "f0158376-9dc2-43b6-827c-5f631a4d8d09",
"assignerShortName": "apache",
"cveId": "CVE-2024-42062",
"datePublished": "2024-08-07T07:17:08.811Z",
"dateReserved": "2024-07-29T11:57:03.344Z",
"dateUpdated": "2024-09-03T19:58:27.161Z",
"state": "PUBLISHED"
},
"dataType": "CVE_RECORD",
"dataVersion": "5.1"
}
CVE-2025-47849 (GCVE-0-2025-47849)
Vulnerability from cvelistv5
Published
2025-06-10 23:07
Modified
2025-06-14 03:56
Severity ?
VLAI Severity ?
EPSS score ?
CWE
- CWE-269 - Improper Privilege Management
Summary
A privilege escalation vulnerability exists in Apache CloudStack versions 4.10.0.0 through 4.20.0.0 where a malicious Domain Admin user in the ROOT domain can get the API key and secret key of user-accounts of Admin role type in the same domain. This operation is not appropriately restricted and allows the attacker to assume control over higher-privileged user-accounts. A malicious Domain Admin attacker can impersonate an Admin user-account and gain access to sensitive APIs and resources that could result in the compromise of resource integrity and confidentiality, data loss, denial of service, and availability of infrastructure managed by CloudStack.
Users are recommended to upgrade to Apache CloudStack 4.19.3.0 or 4.20.1.0, which fixes the issue with the following:
* Strict validation on Role Type hierarchy: the caller's role must be equal to or higher than the target user's role.
* API privilege comparison: the caller must possess all privileges of the user they are operating on.
* Two new domain-level settings (restricted to the default admin):
- role.types.allowed.for.operations.on.accounts.of.same.role.type: Defines which role types are allowed to act on users of the same role type. Default: "Admin, DomainAdmin, ResourceAdmin".
- allow.operations.on.users.in.same.account: Allows/disallows user operations within the same account. Default: true.
References
Impacted products
| Vendor | Product | Version | ||
|---|---|---|---|---|
| Apache Software Foundation | Apache CloudStack |
Version: 4.10.0 ≤ Version: 4.20.0.0 ≤ |
{
"containers": {
"adp": [
{
"metrics": [
{
"cvssV3_1": {
"attackComplexity": "LOW",
"attackVector": "NETWORK",
"availabilityImpact": "HIGH",
"baseScore": 8.8,
"baseSeverity": "HIGH",
"confidentialityImpact": "HIGH",
"integrityImpact": "HIGH",
"privilegesRequired": "LOW",
"scope": "UNCHANGED",
"userInteraction": "NONE",
"vectorString": "CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H",
"version": "3.1"
}
},
{
"other": {
"content": {
"id": "CVE-2025-47849",
"options": [
{
"Exploitation": "none"
},
{
"Automatable": "no"
},
{
"Technical Impact": "total"
}
],
"role": "CISA Coordinator",
"timestamp": "2025-06-13T00:00:00+00:00",
"version": "2.0.3"
},
"type": "ssvc"
}
}
],
"providerMetadata": {
"dateUpdated": "2025-06-14T03:56:15.872Z",
"orgId": "134c704f-9b21-4f2e-91b3-4a467353bcc0",
"shortName": "CISA-ADP"
},
"title": "CISA ADP Vulnrichment"
}
],
"cna": {
"affected": [
{
"defaultStatus": "unaffected",
"product": "Apache CloudStack",
"vendor": "Apache Software Foundation",
"versions": [
{
"lessThan": "4.19.3.0",
"status": "affected",
"version": "4.10.0",
"versionType": "semver"
},
{
"lessThan": "4.20.1.0",
"status": "affected",
"version": "4.20.0.0",
"versionType": "semver"
}
]
}
],
"credits": [
{
"lang": "en",
"type": "finder",
"value": "Kevin Li \u003ckli74@apple.com\u003e"
},
{
"lang": "en",
"type": "finder",
"value": "Scott Schmitz \u003csschmitz@ussignal.com\u003e"
}
],
"descriptions": [
{
"lang": "en",
"supportingMedia": [
{
"base64": false,
"type": "text/html",
"value": "\u003cdiv\u003e\u003cspan style=\"background-color: rgba(232, 232, 232, 0.04);\"\u003e\u003cspan style=\"background-color: rgba(232, 232, 232, 0.04);\"\u003eA privilege escalation vulnerability exists in Apache CloudStack versions 4.10.0.0 through 4.20.0.0 where a malicious Domain Admin user in the ROOT domain can get the API key and secret key of user-accounts of Admin role type in the same domain. This operation is not appropriately restricted and allows the attacker to assume control over higher-privileged user-accounts. \u003c/span\u003e\u003cspan style=\"background-color: rgba(232, 232, 232, 0.04);\"\u003eA malicious Domain Admin attacker can impersonate an Admin user-account and gain access to sensitive APIs and resources that \u003cspan style=\"background-color: rgb(255, 255, 255);\"\u003ecould result in the compromise of resource integrity and confidentiality, data loss, denial of service, and availability of infrastructure managed by CloudStack.\u003c/span\u003e\u003cbr\u003e\u003c/span\u003e\u003cbr\u003e\u003cspan style=\"background-color: rgba(232, 232, 232, 0.04);\"\u003eUsers are recommended to upgrade to Apache CloudStack 4.19.3.0 or 4.20.1.0, which fixes the issue with the following:\u003cbr\u003e\u003c/span\u003e\u003c/span\u003e\u003c/div\u003e\u003cdiv\u003e\u003cul\u003e\u003cli\u003e\u003cspan style=\"background-color: rgba(232, 232, 232, 0.04);\"\u003eStrict validation on Role Type hierarchy: the caller\u0027s role must be equal to or higher than the target user\u0027s role.\u0026nbsp;\u003c/span\u003e\u003c/li\u003e\u003cli\u003e\u003cspan style=\"background-color: rgba(232, 232, 232, 0.04);\"\u003eAPI privilege comparison: the caller must possess all privileges of the user they are operating on.\u0026nbsp;\u003c/span\u003e\u003c/li\u003e\u003cli\u003e\u003cspan style=\"background-color: rgba(232, 232, 232, 0.04);\"\u003eTwo new domain-level settings (restricted to the default admin):\u0026nbsp;\u003cbr\u003e\u2003- role.types.allowed.for.operations.on.accounts.of.same.role.type: Defines which role types are allowed to act on users of the same role type. Default: \"Admin, DomainAdmin, ResourceAdmin\".\u0026nbsp;\u003cbr\u003e\u2003- allow.operations.on.users.in.same.account: Allows/disallows user operations within the same account. Default: true.\u003c/span\u003e\u003c/li\u003e\u003c/ul\u003e\u003c/div\u003e"
}
],
"value": "A privilege escalation vulnerability exists in Apache CloudStack versions 4.10.0.0 through 4.20.0.0 where a malicious Domain Admin user in the ROOT domain can get the API key and secret key of user-accounts of Admin role type in the same domain. This operation is not appropriately restricted and allows the attacker to assume control over higher-privileged user-accounts. A malicious Domain Admin attacker can impersonate an Admin user-account and gain access to sensitive APIs and resources that could result in the compromise of resource integrity and confidentiality, data loss, denial of service, and availability of infrastructure managed by CloudStack.\n\nUsers are recommended to upgrade to Apache CloudStack 4.19.3.0 or 4.20.1.0, which fixes the issue with the following:\n\n\n * Strict validation on Role Type hierarchy: the caller\u0027s role must be equal to or higher than the target user\u0027s role.\u00a0\n * API privilege comparison: the caller must possess all privileges of the user they are operating on.\u00a0\n * Two new domain-level settings (restricted to the default admin):\u00a0\n\u2003- role.types.allowed.for.operations.on.accounts.of.same.role.type: Defines which role types are allowed to act on users of the same role type. Default: \"Admin, DomainAdmin, ResourceAdmin\".\u00a0\n\u2003- allow.operations.on.users.in.same.account: Allows/disallows user operations within the same account. Default: true."
}
],
"metrics": [
{
"other": {
"content": {
"text": "moderate"
},
"type": "Textual description of severity"
}
}
],
"problemTypes": [
{
"descriptions": [
{
"cweId": "CWE-269",
"description": "CWE-269 Improper Privilege Management",
"lang": "en",
"type": "CWE"
}
]
}
],
"providerMetadata": {
"dateUpdated": "2025-06-10T23:07:54.526Z",
"orgId": "f0158376-9dc2-43b6-827c-5f631a4d8d09",
"shortName": "apache"
},
"references": [
{
"tags": [
"vendor-advisory"
],
"url": "https://cloudstack.apache.org/blog/cve-advisories-4.19.3.0-4.20.1.0/"
},
{
"tags": [
"third-party-advisory"
],
"url": "https://www.shapeblue.com/shapeblue-security-advisory-apache-cloudstack-security-releases-4-19-3-0-and-4-20-1-0/"
},
{
"tags": [
"mailing-list"
],
"url": "https://lists.apache.org/thread/y3qnwn59t8qggtdohv7k7vw39bgb3d60"
}
],
"source": {
"discovery": "UNKNOWN"
},
"title": "Apache CloudStack: Insecure access of user\u0027s API/Secret Keys in the same domain",
"x_generator": {
"engine": "Vulnogram 0.2.0"
}
}
},
"cveMetadata": {
"assignerOrgId": "f0158376-9dc2-43b6-827c-5f631a4d8d09",
"assignerShortName": "apache",
"cveId": "CVE-2025-47849",
"datePublished": "2025-06-10T23:07:54.526Z",
"dateReserved": "2025-05-12T08:45:45.595Z",
"dateUpdated": "2025-06-14T03:56:15.872Z",
"state": "PUBLISHED"
},
"dataType": "CVE_RECORD",
"dataVersion": "5.1"
}
CVE-2022-26779 (GCVE-0-2022-26779)
Vulnerability from cvelistv5
Published
2022-03-15 15:40
Modified
2024-08-03 05:11
Severity ?
VLAI Severity ?
EPSS score ?
CWE
- anonymous invite can be used by anyone
Summary
Apache CloudStack prior to 4.16.1.0 used insecure random number generation for project invitation tokens. If a project invite is created based only on an email address, a random token is generated. An attacker with knowledge of the project ID and the fact that the invite is sent, could generate time deterministic tokens and brute force attempt to use them prior to the legitimate receiver accepting the invite. This feature is not enabled by default, the attacker is required to know or guess the project ID for the invite in addition to the invitation token, and the attacker would need to be an existing authorized user of CloudStack.
References
| ▼ | URL | Tags |
|---|---|---|
| https://lists.apache.org/thread/dmm07b1cyosovqr12ddhkko501p11h2h | x_refsource_MISC | |
| https://github.com/JLLeitschuh/security-research/security/advisories/GHSA-vpcc-9rh2-8jfp | x_refsource_MISC | |
| http://www.openwall.com/lists/oss-security/2022/03/15/1 | mailing-list, x_refsource_MLIST |
Impacted products
| Vendor | Product | Version | ||
|---|---|---|---|---|
| Apache Software Foundation | Apache CloudStack |
Version: Apache CloudStack < 4.16.1 |
{
"containers": {
"adp": [
{
"providerMetadata": {
"dateUpdated": "2024-08-03T05:11:45.092Z",
"orgId": "af854a3a-2127-422b-91ae-364da2661108",
"shortName": "CVE"
},
"references": [
{
"tags": [
"x_refsource_MISC",
"x_transferred"
],
"url": "https://lists.apache.org/thread/dmm07b1cyosovqr12ddhkko501p11h2h"
},
{
"tags": [
"x_refsource_MISC",
"x_transferred"
],
"url": "https://github.com/JLLeitschuh/security-research/security/advisories/GHSA-vpcc-9rh2-8jfp"
},
{
"name": "[oss-security] 20220315 CVE-2022-26779: Apache Cloudstack insecure random number generation affects project email invitation",
"tags": [
"mailing-list",
"x_refsource_MLIST",
"x_transferred"
],
"url": "http://www.openwall.com/lists/oss-security/2022/03/15/1"
}
],
"title": "CVE Program Container"
}
],
"cna": {
"affected": [
{
"product": "Apache CloudStack",
"vendor": "Apache Software Foundation",
"versions": [
{
"lessThan": "4.16.1",
"status": "affected",
"version": "Apache CloudStack",
"versionType": "custom"
}
]
}
],
"credits": [
{
"lang": "en",
"value": "This issue was reported by Jonathan Leitschuh"
}
],
"descriptions": [
{
"lang": "en",
"value": "Apache CloudStack prior to 4.16.1.0 used insecure random number generation for project invitation tokens. If a project invite is created based only on an email address, a random token is generated. An attacker with knowledge of the project ID and the fact that the invite is sent, could generate time deterministic tokens and brute force attempt to use them prior to the legitimate receiver accepting the invite. This feature is not enabled by default, the attacker is required to know or guess the project ID for the invite in addition to the invitation token, and the attacker would need to be an existing authorized user of CloudStack."
}
],
"metrics": [
{
"other": {
"content": {
"other": "low"
},
"type": "unknown"
}
}
],
"problemTypes": [
{
"descriptions": [
{
"description": "anonymous invite can be used by anyone",
"lang": "en",
"type": "text"
}
]
}
],
"providerMetadata": {
"dateUpdated": "2022-03-15T17:06:15",
"orgId": "f0158376-9dc2-43b6-827c-5f631a4d8d09",
"shortName": "apache"
},
"references": [
{
"tags": [
"x_refsource_MISC"
],
"url": "https://lists.apache.org/thread/dmm07b1cyosovqr12ddhkko501p11h2h"
},
{
"tags": [
"x_refsource_MISC"
],
"url": "https://github.com/JLLeitschuh/security-research/security/advisories/GHSA-vpcc-9rh2-8jfp"
},
{
"name": "[oss-security] 20220315 CVE-2022-26779: Apache Cloudstack insecure random number generation affects project email invitation",
"tags": [
"mailing-list",
"x_refsource_MLIST"
],
"url": "http://www.openwall.com/lists/oss-security/2022/03/15/1"
}
],
"source": {
"discovery": "UNKNOWN"
},
"title": "Apache Cloudstack insecure random number generation affects project email invitation",
"x_generator": {
"engine": "Vulnogram 0.0.9"
},
"x_legacyV4Record": {
"CVE_data_meta": {
"ASSIGNER": "security@apache.org",
"ID": "CVE-2022-26779",
"STATE": "PUBLIC",
"TITLE": "Apache Cloudstack insecure random number generation affects project email invitation"
},
"affects": {
"vendor": {
"vendor_data": [
{
"product": {
"product_data": [
{
"product_name": "Apache CloudStack",
"version": {
"version_data": [
{
"version_affected": "\u003c",
"version_name": "Apache CloudStack",
"version_value": "4.16.1"
}
]
}
}
]
},
"vendor_name": "Apache Software Foundation"
}
]
}
},
"credit": [
{
"lang": "eng",
"value": "This issue was reported by Jonathan Leitschuh"
}
],
"data_format": "MITRE",
"data_type": "CVE",
"data_version": "4.0",
"description": {
"description_data": [
{
"lang": "eng",
"value": "Apache CloudStack prior to 4.16.1.0 used insecure random number generation for project invitation tokens. If a project invite is created based only on an email address, a random token is generated. An attacker with knowledge of the project ID and the fact that the invite is sent, could generate time deterministic tokens and brute force attempt to use them prior to the legitimate receiver accepting the invite. This feature is not enabled by default, the attacker is required to know or guess the project ID for the invite in addition to the invitation token, and the attacker would need to be an existing authorized user of CloudStack."
}
]
},
"generator": {
"engine": "Vulnogram 0.0.9"
},
"impact": [
{
"other": "low"
}
],
"problemtype": {
"problemtype_data": [
{
"description": [
{
"lang": "eng",
"value": "anonymous invite can be used by anyone"
}
]
}
]
},
"references": {
"reference_data": [
{
"name": "https://lists.apache.org/thread/dmm07b1cyosovqr12ddhkko501p11h2h",
"refsource": "MISC",
"url": "https://lists.apache.org/thread/dmm07b1cyosovqr12ddhkko501p11h2h"
},
{
"name": "https://github.com/JLLeitschuh/security-research/security/advisories/GHSA-vpcc-9rh2-8jfp",
"refsource": "MISC",
"url": "https://github.com/JLLeitschuh/security-research/security/advisories/GHSA-vpcc-9rh2-8jfp"
},
{
"name": "[oss-security] 20220315 CVE-2022-26779: Apache Cloudstack insecure random number generation affects project email invitation",
"refsource": "MLIST",
"url": "http://www.openwall.com/lists/oss-security/2022/03/15/1"
}
]
},
"source": {
"discovery": "UNKNOWN"
}
}
}
},
"cveMetadata": {
"assignerOrgId": "f0158376-9dc2-43b6-827c-5f631a4d8d09",
"assignerShortName": "apache",
"cveId": "CVE-2022-26779",
"datePublished": "2022-03-15T15:40:11",
"dateReserved": "2022-03-09T00:00:00",
"dateUpdated": "2024-08-03T05:11:45.092Z",
"state": "PUBLISHED"
},
"dataType": "CVE_RECORD",
"dataVersion": "5.1"
}
CVE-2016-6813 (GCVE-0-2016-6813)
Vulnerability from cvelistv5
Published
2018-02-06 14:00
Modified
2024-09-17 00:26
Severity ?
VLAI Severity ?
EPSS score ?
CWE
- Information Disclosure
Summary
Apache CloudStack 4.1 to 4.8.1.0 and 4.9.0.0 contain an API call designed to allow a user to register for the developer API. If a malicious user is able to determine the ID of another (non-"root") CloudStack user, the malicious user may be able to reset the API keys for the other user, in turn accessing their account and resources.
References
| ▼ | URL | Tags |
|---|---|---|
| https://s.apache.org/qV5l | mailing-list, x_refsource_MLIST | |
| http://www.securityfocus.com/bid/93945 | vdb-entry, x_refsource_BID | |
| http://mail-archives.apache.org/mod_mbox/www-announce/201610.mbox/%3CCAJtfqCupOYQoNY2BNx86_zauses_MpmpiX8WciO_DEaWp6uNig%40mail.gmail.com%3E | mailing-list, x_refsource_MLIST |
Impacted products
| Vendor | Product | Version | ||
|---|---|---|---|---|
| Apache Software Foundation | Apache CloudStack |
Version: 4.1 to 4.8.1.0 Version: 4.9.0.0 |
{
"containers": {
"adp": [
{
"providerMetadata": {
"dateUpdated": "2024-08-06T01:43:37.879Z",
"orgId": "af854a3a-2127-422b-91ae-364da2661108",
"shortName": "CVE"
},
"references": [
{
"name": "[cloudstack-announce] 20161027 Apache CloudStack Security Releases 4.8.1.1, 4.9.0.1",
"tags": [
"mailing-list",
"x_refsource_MLIST",
"x_transferred"
],
"url": "https://s.apache.org/qV5l"
},
{
"name": "93945",
"tags": [
"vdb-entry",
"x_refsource_BID",
"x_transferred"
],
"url": "http://www.securityfocus.com/bid/93945"
},
{
"name": "[www-announce] 20161028 [SECURITY] CVE-2016-6813: Apache CloudStack registerUserKeys authorization vulnerability",
"tags": [
"mailing-list",
"x_refsource_MLIST",
"x_transferred"
],
"url": "http://mail-archives.apache.org/mod_mbox/www-announce/201610.mbox/%3CCAJtfqCupOYQoNY2BNx86_zauses_MpmpiX8WciO_DEaWp6uNig%40mail.gmail.com%3E"
}
],
"title": "CVE Program Container"
}
],
"cna": {
"affected": [
{
"product": "Apache CloudStack",
"vendor": "Apache Software Foundation",
"versions": [
{
"status": "affected",
"version": "4.1 to 4.8.1.0"
},
{
"status": "affected",
"version": "4.9.0.0"
}
]
}
],
"datePublic": "2016-10-27T00:00:00",
"descriptions": [
{
"lang": "en",
"value": "Apache CloudStack 4.1 to 4.8.1.0 and 4.9.0.0 contain an API call designed to allow a user to register for the developer API. If a malicious user is able to determine the ID of another (non-\"root\") CloudStack user, the malicious user may be able to reset the API keys for the other user, in turn accessing their account and resources."
}
],
"problemTypes": [
{
"descriptions": [
{
"description": "Information Disclosure",
"lang": "en",
"type": "text"
}
]
}
],
"providerMetadata": {
"dateUpdated": "2018-02-07T10:57:01",
"orgId": "f0158376-9dc2-43b6-827c-5f631a4d8d09",
"shortName": "apache"
},
"references": [
{
"name": "[cloudstack-announce] 20161027 Apache CloudStack Security Releases 4.8.1.1, 4.9.0.1",
"tags": [
"mailing-list",
"x_refsource_MLIST"
],
"url": "https://s.apache.org/qV5l"
},
{
"name": "93945",
"tags": [
"vdb-entry",
"x_refsource_BID"
],
"url": "http://www.securityfocus.com/bid/93945"
},
{
"name": "[www-announce] 20161028 [SECURITY] CVE-2016-6813: Apache CloudStack registerUserKeys authorization vulnerability",
"tags": [
"mailing-list",
"x_refsource_MLIST"
],
"url": "http://mail-archives.apache.org/mod_mbox/www-announce/201610.mbox/%3CCAJtfqCupOYQoNY2BNx86_zauses_MpmpiX8WciO_DEaWp6uNig%40mail.gmail.com%3E"
}
],
"x_legacyV4Record": {
"CVE_data_meta": {
"ASSIGNER": "security@apache.org",
"DATE_PUBLIC": "2016-10-27T00:00:00",
"ID": "CVE-2016-6813",
"STATE": "PUBLIC"
},
"affects": {
"vendor": {
"vendor_data": [
{
"product": {
"product_data": [
{
"product_name": "Apache CloudStack",
"version": {
"version_data": [
{
"version_value": "4.1 to 4.8.1.0"
},
{
"version_value": "4.9.0.0"
}
]
}
}
]
},
"vendor_name": "Apache Software Foundation"
}
]
}
},
"data_format": "MITRE",
"data_type": "CVE",
"data_version": "4.0",
"description": {
"description_data": [
{
"lang": "eng",
"value": "Apache CloudStack 4.1 to 4.8.1.0 and 4.9.0.0 contain an API call designed to allow a user to register for the developer API. If a malicious user is able to determine the ID of another (non-\"root\") CloudStack user, the malicious user may be able to reset the API keys for the other user, in turn accessing their account and resources."
}
]
},
"problemtype": {
"problemtype_data": [
{
"description": [
{
"lang": "eng",
"value": "Information Disclosure"
}
]
}
]
},
"references": {
"reference_data": [
{
"name": "[cloudstack-announce] 20161027 Apache CloudStack Security Releases 4.8.1.1, 4.9.0.1",
"refsource": "MLIST",
"url": "https://s.apache.org/qV5l"
},
{
"name": "93945",
"refsource": "BID",
"url": "http://www.securityfocus.com/bid/93945"
},
{
"name": "[www-announce] 20161028 [SECURITY] CVE-2016-6813: Apache CloudStack registerUserKeys authorization vulnerability",
"refsource": "MLIST",
"url": "http://mail-archives.apache.org/mod_mbox/www-announce/201610.mbox/%3CCAJtfqCupOYQoNY2BNx86_zauses_MpmpiX8WciO_DEaWp6uNig@mail.gmail.com%3E"
}
]
}
}
}
},
"cveMetadata": {
"assignerOrgId": "f0158376-9dc2-43b6-827c-5f631a4d8d09",
"assignerShortName": "apache",
"cveId": "CVE-2016-6813",
"datePublished": "2018-02-06T14:00:00Z",
"dateReserved": "2016-08-12T00:00:00",
"dateUpdated": "2024-09-17T00:26:36.412Z",
"state": "PUBLISHED"
},
"dataType": "CVE_RECORD",
"dataVersion": "5.1"
}
CVE-2024-45461 (GCVE-0-2024-45461)
Vulnerability from cvelistv5
Published
2024-10-16 07:54
Modified
2025-02-21 16:53
Severity ?
VLAI Severity ?
EPSS score ?
CWE
- CWE-862 - Missing Authorization
Summary
The CloudStack Quota feature allows cloud administrators to implement a quota or usage limit system for cloud resources, and is disabled by default. In environments where the feature is enabled, due to missing access check enforcements, non-administrative CloudStack user accounts are able to access and modify quota-related configurations and data. This issue affects Apache CloudStack from 4.7.0 through 4.18.2.3; and from 4.19.0.0 through 4.19.1.1, where the Quota feature is enabled.
Users are recommended to upgrade to Apache CloudStack 4.18.2.4 or 4.19.1.2, or later, which addresses this issue. Alternatively, users that do not use the Quota feature are advised to disabled the plugin by setting the global setting "quota.enable.service" to "false".
References
| ▼ | URL | Tags |
|---|---|---|
| https://cloudstack.apache.org/blog/security-release-advisory-4.18.2.4-4.19.1.2 | vendor-advisory, patch | |
| https://lists.apache.org/thread/ktsfjcnj22x4kg49ctock3d9tq7jnvlo | mailing-list | |
| https://www.shapeblue.com/shapeblue-security-advisory-apache-cloudstack-security-releases-4-18-2-4-and-4-19-1-2/ | third-party-advisory |
Impacted products
| Vendor | Product | Version | ||
|---|---|---|---|---|
| Apache Software Foundation | Apache CloudStack Quota plugin |
Version: 4.7.0 ≤ 4.18.2.3 Version: 4.19.0.0 ≤ 4.19.1.1 |
{
"containers": {
"adp": [
{
"providerMetadata": {
"dateUpdated": "2024-10-16T08:03:40.636Z",
"orgId": "af854a3a-2127-422b-91ae-364da2661108",
"shortName": "CVE"
},
"references": [
{
"url": "http://www.openwall.com/lists/oss-security/2024/10/15/3"
}
],
"title": "CVE Program Container"
},
{
"metrics": [
{
"other": {
"content": {
"id": "CVE-2024-45461",
"options": [
{
"Exploitation": "none"
},
{
"Automatable": "no"
},
{
"Technical Impact": "partial"
}
],
"role": "CISA Coordinator",
"timestamp": "2024-10-16T14:50:13.034595Z",
"version": "2.0.3"
},
"type": "ssvc"
}
}
],
"providerMetadata": {
"dateUpdated": "2025-02-21T16:53:10.585Z",
"orgId": "134c704f-9b21-4f2e-91b3-4a467353bcc0",
"shortName": "CISA-ADP"
},
"title": "CISA ADP Vulnrichment"
}
],
"cna": {
"affected": [
{
"defaultStatus": "unaffected",
"product": "Apache CloudStack Quota plugin",
"vendor": "Apache Software Foundation",
"versions": [
{
"lessThanOrEqual": "4.18.2.3",
"status": "affected",
"version": "4.7.0",
"versionType": "semver"
},
{
"lessThanOrEqual": "4.19.1.1",
"status": "affected",
"version": "4.19.0.0",
"versionType": "semver"
}
]
}
],
"credits": [
{
"lang": "en",
"type": "reporter",
"value": "Fabr\u00edcio Duarte \u003cfabricio.duarte.jr@gmail.com\u003e"
}
],
"descriptions": [
{
"lang": "en",
"supportingMedia": [
{
"base64": false,
"type": "text/html",
"value": "\u003cdiv\u003eThe CloudStack Quota feature allows cloud administrators to implement a quota or usage limit system for cloud resources, and is disabled by default. In environments where the feature is enabled, due to missing access check enforcements, non-administrative CloudStack user accounts are able to access and modify quota-related configurations and data. This issue affects Apache CloudStack from 4.7.0 through 4.18.2.3; and from 4.19.0.0 through 4.19.1.1, where the Quota feature is enabled.\u003c/div\u003e\u003cdiv\u003e\u003cbr\u003e\u003c/div\u003e\u003cspan style=\"background-color: rgb(252, 252, 252);\"\u003eUsers are recommended to upgrade to Apache CloudStack 4.18.2.4 or 4.19.1.2, or later, which addresses this issue.\u0026nbsp;\u003c/span\u003eAlternatively, users that do not use the Quota feature are advised to disabled the plugin by setting the global setting \"quota.enable.service\" to \"false\"."
}
],
"value": "The CloudStack Quota feature allows cloud administrators to implement a quota or usage limit system for cloud resources, and is disabled by default. In environments where the feature is enabled, due to missing access check enforcements, non-administrative CloudStack user accounts are able to access and modify quota-related configurations and data. This issue affects Apache CloudStack from 4.7.0 through 4.18.2.3; and from 4.19.0.0 through 4.19.1.1, where the Quota feature is enabled.\n\n\n\n\nUsers are recommended to upgrade to Apache CloudStack 4.18.2.4 or 4.19.1.2, or later, which addresses this issue.\u00a0Alternatively, users that do not use the Quota feature are advised to disabled the plugin by setting the global setting \"quota.enable.service\" to \"false\"."
}
],
"metrics": [
{
"other": {
"content": {
"text": "moderate"
},
"type": "Textual description of severity"
}
},
{
"cvssV3_1": {
"attackComplexity": "LOW",
"attackVector": "NETWORK",
"availabilityImpact": "LOW",
"baseScore": 5.7,
"baseSeverity": "MEDIUM",
"confidentialityImpact": "HIGH",
"integrityImpact": "LOW",
"privilegesRequired": "HIGH",
"scope": "UNCHANGED",
"userInteraction": "REQUIRED",
"vectorString": "CVSS:3.1/AV:N/AC:L/PR:H/UI:R/S:U/C:H/I:L/A:L",
"version": "3.1"
},
"format": "CVSS",
"scenarios": [
{
"lang": "en",
"value": "GENERAL"
}
]
}
],
"problemTypes": [
{
"descriptions": [
{
"cweId": "CWE-862",
"description": "CWE-862 Missing Authorization",
"lang": "en",
"type": "CWE"
}
]
}
],
"providerMetadata": {
"dateUpdated": "2025-02-12T09:30:18.513Z",
"orgId": "f0158376-9dc2-43b6-827c-5f631a4d8d09",
"shortName": "apache"
},
"references": [
{
"tags": [
"vendor-advisory",
"patch"
],
"url": "https://cloudstack.apache.org/blog/security-release-advisory-4.18.2.4-4.19.1.2"
},
{
"tags": [
"mailing-list"
],
"url": "https://lists.apache.org/thread/ktsfjcnj22x4kg49ctock3d9tq7jnvlo"
},
{
"tags": [
"third-party-advisory"
],
"url": "https://www.shapeblue.com/shapeblue-security-advisory-apache-cloudstack-security-releases-4-18-2-4-and-4-19-1-2/"
}
],
"source": {
"discovery": "INTERNAL"
},
"title": "Apache CloudStack Quota plugin: Access checks not enforced in Quota",
"x_generator": {
"engine": "Vulnogram 0.1.0-dev"
}
}
},
"cveMetadata": {
"assignerOrgId": "f0158376-9dc2-43b6-827c-5f631a4d8d09",
"assignerShortName": "apache",
"cveId": "CVE-2024-45461",
"datePublished": "2024-10-16T07:54:15.484Z",
"dateReserved": "2024-08-29T08:55:51.392Z",
"dateUpdated": "2025-02-21T16:53:10.585Z",
"state": "PUBLISHED"
},
"dataType": "CVE_RECORD",
"dataVersion": "5.1"
}
CVE-2024-50386 (GCVE-0-2024-50386)
Vulnerability from cvelistv5
Published
2024-11-12 14:34
Modified
2024-11-12 20:06
Severity ?
VLAI Severity ?
EPSS score ?
CWE
- CWE-20 - Improper Input Validation
Summary
Account users in Apache CloudStack by default are allowed to register templates to be downloaded directly to the primary storage for deploying instances. Due to missing validation checks for KVM-compatible templates in CloudStack 4.0.0 through 4.18.2.4 and 4.19.0.0 through 4.19.1.2, an attacker that can register templates, can use them to deploy malicious instances on KVM-based environments and exploit this to gain access to the host filesystems that could result in the compromise of resource integrity and confidentiality, data loss, denial of service, and availability of KVM-based infrastructure managed by CloudStack.
Users are recommended to upgrade to Apache CloudStack 4.18.2.5 or 4.19.1.3, or later, which addresses this issue.
Additionally, all user-registered KVM-compatible templates can be scanned and checked that they are flat files that should not be using any additional or unnecessary features. For example, operators can run the following command on their file-based primary storage(s) and inspect the output. An empty output for the disk being validated means it has no references to the host filesystems; on the other hand, if the output for the disk being validated is not empty, it might indicate a compromised disk. However, bear in mind that (i) volumes created from templates will have references for the templates at first and (ii) volumes can be consolidated while migrating, losing their references to the templates. Therefore, the command execution for the primary storages can show both false positives and false negatives.
for file in $(find /path/to/storage/ -type f -regex [a-f0-9\-]*.*); do echo "Retrieving file [$file] info. If the output is not empty, that might indicate a compromised disk; check it carefully."; qemu-img info -U $file | grep file: ; printf "\n\n"; done
For checking the whole template/volume features of each disk, operators can run the following command:
for file in $(find /path/to/storage/ -type f -regex [a-f0-9\-]*.*); do echo "Retrieving file [$file] info."; qemu-img info -U $file; printf "\n\n"; done
References
| ▼ | URL | Tags |
|---|---|---|
| https://cloudstack.apache.org/blog/security-release-advisory-4.18.2.5-4.19.1.3 | vendor-advisory, patch | |
| https://lists.apache.org/thread/d0x83c2cyglzzdw8csbop7mj7h83z95y | mailing-list | |
| https://www.shapeblue.com/shapeblue-security-advisory-apache-cloudstack-security-releases-4-18-2-5-and-4-19-1-3/ | third-party-advisory |
Impacted products
| Vendor | Product | Version | ||
|---|---|---|---|---|
| Apache Software Foundation | Apache CloudStack |
Version: 4.0.0 ≤ 4.18.2.4 Version: 4.19.0.0 ≤ 4.19.1.2 |
{
"containers": {
"adp": [
{
"affected": [
{
"cpes": [
"cpe:2.3:a:apache:cloudstack:*:*:*:*:*:*:*:*"
],
"defaultStatus": "unknown",
"product": "cloudstack",
"vendor": "apache",
"versions": [
{
"lessThanOrEqual": "4.18.2.4",
"status": "affected",
"version": "4.0.0",
"versionType": "semver"
},
{
"lessThanOrEqual": "4.19.1.2",
"status": "affected",
"version": "4.19.0.0",
"versionType": "semver"
}
]
}
],
"metrics": [
{
"other": {
"content": {
"id": "CVE-2024-50386",
"options": [
{
"Exploitation": "none"
},
{
"Automatable": "no"
},
{
"Technical Impact": "total"
}
],
"role": "CISA Coordinator",
"timestamp": "2024-11-12T16:07:06.274965Z",
"version": "2.0.3"
},
"type": "ssvc"
}
}
],
"providerMetadata": {
"dateUpdated": "2024-11-12T16:10:15.904Z",
"orgId": "134c704f-9b21-4f2e-91b3-4a467353bcc0",
"shortName": "CISA-ADP"
},
"title": "CISA ADP Vulnrichment"
},
{
"providerMetadata": {
"dateUpdated": "2024-11-12T17:02:47.046Z",
"orgId": "af854a3a-2127-422b-91ae-364da2661108",
"shortName": "CVE"
},
"references": [
{
"url": "http://www.openwall.com/lists/oss-security/2024/11/12/3"
}
],
"title": "CVE Program Container"
}
],
"cna": {
"affected": [
{
"defaultStatus": "unaffected",
"product": "Apache CloudStack",
"vendor": "Apache Software Foundation",
"versions": [
{
"lessThanOrEqual": "4.18.2.4",
"status": "affected",
"version": "4.0.0",
"versionType": "semver"
},
{
"lessThanOrEqual": "4.19.1.2",
"status": "affected",
"version": "4.19.0.0",
"versionType": "semver"
}
]
}
],
"credits": [
{
"lang": "en",
"type": "reporter",
"value": "Kiran Chavala \u003ckiranchavala@apache.org\u003e"
}
],
"descriptions": [
{
"lang": "en",
"supportingMedia": [
{
"base64": false,
"type": "text/html",
"value": "Account users in Apache CloudStack by default are allowed to register templates to be downloaded directly to the primary storage for deploying instances. Due to missing validation checks for KVM-compatible templates in CloudStack 4.0.0 through 4.18.2.4 and 4.19.0.0 through 4.19.1.2, an attacker that can register templates, can use them to deploy malicious instances on KVM-based environments and exploit this to gain access to the host filesystems that could result in the compromise of resource integrity and confidentiality, data loss, denial of service, and availability of KVM-based infrastructure managed by CloudStack.\u003cdiv\u003e\u003cbr\u003e\u003c/div\u003e\u003cdiv\u003e\u003cspan style=\"background-color: rgb(252, 252, 252);\"\u003eUsers are recommended to upgrade to Apache CloudStack 4.18.2.5 or 4.19.1.3, or later, which addresses this issue. \u003cbr\u003e\u003cbr\u003e\u003c/span\u003eAdditionally, all user-registered KVM-compatible templates can be scanned and checked that they are flat files that should not be using any additional or unnecessary features. For example, operators can run the following command on their file-based primary storage(s) and inspect the output. An empty output for the disk being validated means it has no references to the host filesystems; on the other hand, if the output for the disk being validated is not empty, it might indicate a compromised disk. H\u003cspan style=\"background-color: rgb(255, 255, 255);\"\u003eowever, bear in mind that (i) volumes created from templates will have references for the templates at first and (ii) volumes can be consolidated while migrating, losing their references to the templates. Therefore, the command execution for the primary storages can show both false positives and false negatives.\u003c/span\u003e\u003cbr\u003e\u003c/div\u003e\u003cblockquote\u003efor file in $(find /path/to/storage/ -type f -regex [a-f0-9\\-]*.*); do echo \"Retrieving file [$file] info. If the output is not empty, that might indicate a compromised disk; check it carefully.\"; qemu-img info -U $file | grep file: ; printf \"\\n\\n\"; done\u003c/blockquote\u003e\u003cdiv\u003e\u003cbr\u003eFor checking the whole template/volume features of each disk, operators can run the following command:\u003cbr\u003e\u003c/div\u003e\u003cblockquote\u003efor file in $(find /path/to/storage/ -type f -regex [a-f0-9\\-]*.*); do echo \"Retrieving file [$file] info.\"; qemu-img info -U $file; printf \"\\n\\n\"; done\u003c/blockquote\u003e\u003cdiv\u003e\u003cspan style=\"background-color: rgb(252, 252, 252);\"\u003e\u003cbr\u003e\u003c/span\u003e\u003c/div\u003e\u003cbr\u003e"
}
],
"value": "Account users in Apache CloudStack by default are allowed to register templates to be downloaded directly to the primary storage for deploying instances. Due to missing validation checks for KVM-compatible templates in CloudStack 4.0.0 through 4.18.2.4 and 4.19.0.0 through 4.19.1.2, an attacker that can register templates, can use them to deploy malicious instances on KVM-based environments and exploit this to gain access to the host filesystems that could result in the compromise of resource integrity and confidentiality, data loss, denial of service, and availability of KVM-based infrastructure managed by CloudStack.\n\n\nUsers are recommended to upgrade to Apache CloudStack 4.18.2.5 or 4.19.1.3, or later, which addresses this issue. \n\nAdditionally, all user-registered KVM-compatible templates can be scanned and checked that they are flat files that should not be using any additional or unnecessary features. For example, operators can run the following command on their file-based primary storage(s) and inspect the output. An empty output for the disk being validated means it has no references to the host filesystems; on the other hand, if the output for the disk being validated is not empty, it might indicate a compromised disk. However, bear in mind that (i) volumes created from templates will have references for the templates at first and (ii) volumes can be consolidated while migrating, losing their references to the templates. Therefore, the command execution for the primary storages can show both false positives and false negatives.\n\n\nfor file in $(find /path/to/storage/ -type f -regex [a-f0-9\\-]*.*); do echo \"Retrieving file [$file] info. If the output is not empty, that might indicate a compromised disk; check it carefully.\"; qemu-img info -U $file | grep file: ; printf \"\\n\\n\"; done\nFor checking the whole template/volume features of each disk, operators can run the following command:\n\n\nfor file in $(find /path/to/storage/ -type f -regex [a-f0-9\\-]*.*); do echo \"Retrieving file [$file] info.\"; qemu-img info -U $file; printf \"\\n\\n\"; done"
}
],
"metrics": [
{
"other": {
"content": {
"text": "important"
},
"type": "Textual description of severity"
}
},
{
"cvssV3_1": {
"attackComplexity": "HIGH",
"attackVector": "NETWORK",
"availabilityImpact": "HIGH",
"baseScore": 8.5,
"baseSeverity": "HIGH",
"confidentialityImpact": "HIGH",
"integrityImpact": "HIGH",
"privilegesRequired": "LOW",
"scope": "CHANGED",
"userInteraction": "NONE",
"vectorString": "CVSS:3.1/AV:N/AC:H/PR:L/UI:N/S:C/C:H/I:H/A:H",
"version": "3.1"
},
"format": "CVSS",
"scenarios": [
{
"lang": "en",
"value": "GENERAL"
}
]
}
],
"problemTypes": [
{
"descriptions": [
{
"cweId": "CWE-20",
"description": "CWE-20 Improper Input Validation",
"lang": "en",
"type": "CWE"
}
]
}
],
"providerMetadata": {
"dateUpdated": "2024-11-12T20:06:52.571Z",
"orgId": "f0158376-9dc2-43b6-827c-5f631a4d8d09",
"shortName": "apache"
},
"references": [
{
"tags": [
"vendor-advisory",
"patch"
],
"url": "https://cloudstack.apache.org/blog/security-release-advisory-4.18.2.5-4.19.1.3"
},
{
"tags": [
"mailing-list"
],
"url": "https://lists.apache.org/thread/d0x83c2cyglzzdw8csbop7mj7h83z95y"
},
{
"tags": [
"third-party-advisory"
],
"url": "https://www.shapeblue.com/shapeblue-security-advisory-apache-cloudstack-security-releases-4-18-2-5-and-4-19-1-3/"
}
],
"source": {
"discovery": "UNKNOWN"
},
"title": "Apache CloudStack: Directly downloaded templates can be used to abuse KVM-based infrastructure",
"x_generator": {
"engine": "Vulnogram 0.2.0"
}
}
},
"cveMetadata": {
"assignerOrgId": "f0158376-9dc2-43b6-827c-5f631a4d8d09",
"assignerShortName": "apache",
"cveId": "CVE-2024-50386",
"datePublished": "2024-11-12T14:34:08.537Z",
"dateReserved": "2024-10-23T21:07:56.466Z",
"dateUpdated": "2024-11-12T20:06:52.571Z",
"state": "PUBLISHED"
},
"dataType": "CVE_RECORD",
"dataVersion": "5.1"
}
CVE-2015-3251 (GCVE-0-2015-3251)
Vulnerability from cvelistv5
Published
2016-02-08 19:00
Modified
2024-08-06 05:39
Severity ?
VLAI Severity ?
EPSS score ?
CWE
- n/a
Summary
Apache CloudStack before 4.5.2 might allow remote authenticated administrators to obtain sensitive password information for root accounts of virtual machines via unspecified vectors related to API calls.
References
| ▼ | URL | Tags |
|---|---|---|
| https://blogs.apache.org/cloudstack/entry/two_late_announced_security_advisories | x_refsource_CONFIRM | |
| http://www.securityfocus.com/archive/1/537458/100/0/threaded | mailing-list, x_refsource_BUGTRAQ | |
| http://mail-archives.apache.org/mod_mbox/cloudstack-users/201602.mbox/%3C94DD4CB4-F718-4F79-A934-3D677E497114%40gmail.com%3E | mailing-list, x_refsource_MLIST |
{
"containers": {
"adp": [
{
"providerMetadata": {
"dateUpdated": "2024-08-06T05:39:32.024Z",
"orgId": "af854a3a-2127-422b-91ae-364da2661108",
"shortName": "CVE"
},
"references": [
{
"tags": [
"x_refsource_CONFIRM",
"x_transferred"
],
"url": "https://blogs.apache.org/cloudstack/entry/two_late_announced_security_advisories"
},
{
"name": "20160205 CVE-2015-3251: Apache CloudStack VM Credential Exposure",
"tags": [
"mailing-list",
"x_refsource_BUGTRAQ",
"x_transferred"
],
"url": "http://www.securityfocus.com/archive/1/537458/100/0/threaded"
},
{
"name": "[cloudstack-users] 20160205 CVE-2015-3251: Apache CloudStack VM Credential Exposure",
"tags": [
"mailing-list",
"x_refsource_MLIST",
"x_transferred"
],
"url": "http://mail-archives.apache.org/mod_mbox/cloudstack-users/201602.mbox/%3C94DD4CB4-F718-4F79-A934-3D677E497114%40gmail.com%3E"
}
],
"title": "CVE Program Container"
}
],
"cna": {
"affected": [
{
"product": "n/a",
"vendor": "n/a",
"versions": [
{
"status": "affected",
"version": "n/a"
}
]
}
],
"datePublic": "2016-02-05T00:00:00",
"descriptions": [
{
"lang": "en",
"value": "Apache CloudStack before 4.5.2 might allow remote authenticated administrators to obtain sensitive password information for root accounts of virtual machines via unspecified vectors related to API calls."
}
],
"problemTypes": [
{
"descriptions": [
{
"description": "n/a",
"lang": "en",
"type": "text"
}
]
}
],
"providerMetadata": {
"dateUpdated": "2018-10-09T18:57:01",
"orgId": "53f830b8-0a3f-465b-8143-3b8a9948e749",
"shortName": "redhat"
},
"references": [
{
"tags": [
"x_refsource_CONFIRM"
],
"url": "https://blogs.apache.org/cloudstack/entry/two_late_announced_security_advisories"
},
{
"name": "20160205 CVE-2015-3251: Apache CloudStack VM Credential Exposure",
"tags": [
"mailing-list",
"x_refsource_BUGTRAQ"
],
"url": "http://www.securityfocus.com/archive/1/537458/100/0/threaded"
},
{
"name": "[cloudstack-users] 20160205 CVE-2015-3251: Apache CloudStack VM Credential Exposure",
"tags": [
"mailing-list",
"x_refsource_MLIST"
],
"url": "http://mail-archives.apache.org/mod_mbox/cloudstack-users/201602.mbox/%3C94DD4CB4-F718-4F79-A934-3D677E497114%40gmail.com%3E"
}
],
"x_legacyV4Record": {
"CVE_data_meta": {
"ASSIGNER": "secalert@redhat.com",
"ID": "CVE-2015-3251",
"STATE": "PUBLIC"
},
"affects": {
"vendor": {
"vendor_data": [
{
"product": {
"product_data": [
{
"product_name": "n/a",
"version": {
"version_data": [
{
"version_value": "n/a"
}
]
}
}
]
},
"vendor_name": "n/a"
}
]
}
},
"data_format": "MITRE",
"data_type": "CVE",
"data_version": "4.0",
"description": {
"description_data": [
{
"lang": "eng",
"value": "Apache CloudStack before 4.5.2 might allow remote authenticated administrators to obtain sensitive password information for root accounts of virtual machines via unspecified vectors related to API calls."
}
]
},
"problemtype": {
"problemtype_data": [
{
"description": [
{
"lang": "eng",
"value": "n/a"
}
]
}
]
},
"references": {
"reference_data": [
{
"name": "https://blogs.apache.org/cloudstack/entry/two_late_announced_security_advisories",
"refsource": "CONFIRM",
"url": "https://blogs.apache.org/cloudstack/entry/two_late_announced_security_advisories"
},
{
"name": "20160205 CVE-2015-3251: Apache CloudStack VM Credential Exposure",
"refsource": "BUGTRAQ",
"url": "http://www.securityfocus.com/archive/1/537458/100/0/threaded"
},
{
"name": "[cloudstack-users] 20160205 CVE-2015-3251: Apache CloudStack VM Credential Exposure",
"refsource": "MLIST",
"url": "http://mail-archives.apache.org/mod_mbox/cloudstack-users/201602.mbox/%3C94DD4CB4-F718-4F79-A934-3D677E497114%40gmail.com%3E"
}
]
}
}
}
},
"cveMetadata": {
"assignerOrgId": "53f830b8-0a3f-465b-8143-3b8a9948e749",
"assignerShortName": "redhat",
"cveId": "CVE-2015-3251",
"datePublished": "2016-02-08T19:00:00",
"dateReserved": "2015-04-10T00:00:00",
"dateUpdated": "2024-08-06T05:39:32.024Z",
"state": "PUBLISHED"
},
"dataType": "CVE_RECORD",
"dataVersion": "5.1"
}
CVE-2024-45693 (GCVE-0-2024-45693)
Vulnerability from cvelistv5
Published
2024-10-16 07:52
Modified
2024-10-16 14:57
Severity ?
VLAI Severity ?
EPSS score ?
CWE
- CWE-352 - Cross-Site Request Forgery (CSRF)
Summary
Users logged into the Apache CloudStack's web interface can be tricked to submit malicious CSRF requests due to missing validation of the origin of the requests. This can allow an attacker to gain privileges and access to resources of the authenticated users and may lead to account takeover, disruption, exposure of sensitive data and compromise integrity of the resources owned by the user account that are managed by the platform.
This issue affects Apache CloudStack from 4.15.1.0 through 4.18.2.3 and 4.19.0.0 through 4.19.1.1
Users are recommended to upgrade to Apache CloudStack 4.18.2.4 or 4.19.1.2, or later, which addresses this issue.
References
| ▼ | URL | Tags |
|---|---|---|
| https://cloudstack.apache.org/blog/security-release-advisory-4.18.2.4-4.19.1.2 | vendor-advisory, patch | |
| https://lists.apache.org/thread/ktsfjcnj22x4kg49ctock3d9tq7jnvlo | mailing-list | |
| https://cloudstack.apache.org/blog/security-release-advisory-4.18.2.4-4.19.1.2 | third-party-advisory |
Impacted products
| Vendor | Product | Version | ||
|---|---|---|---|---|
| Apache Software Foundation | Apache CloudStack |
Version: 4.15.1.0 ≤ 4.18.2.3 Version: 4.19.0.0 ≤ 4.19.1.1 |
{
"containers": {
"adp": [
{
"providerMetadata": {
"dateUpdated": "2024-10-16T08:03:43.602Z",
"orgId": "af854a3a-2127-422b-91ae-364da2661108",
"shortName": "CVE"
},
"references": [
{
"url": "http://www.openwall.com/lists/oss-security/2024/10/15/5"
}
],
"title": "CVE Program Container"
},
{
"affected": [
{
"cpes": [
"cpe:2.3:a:apache:cloudstack:*:*:*:*:*:*:*:*"
],
"defaultStatus": "unknown",
"product": "cloudstack",
"vendor": "apache",
"versions": [
{
"lessThanOrEqual": "4.18.2.3",
"status": "affected",
"version": "4.15.1.0",
"versionType": "semver"
},
{
"lessThanOrEqual": "4.19.1.1",
"status": "affected",
"version": "4.19.0.0",
"versionType": "semver"
}
]
}
],
"metrics": [
{
"other": {
"content": {
"id": "CVE-2024-45693",
"options": [
{
"Exploitation": "none"
},
{
"Automatable": "no"
},
{
"Technical Impact": "total"
}
],
"role": "CISA Coordinator",
"timestamp": "2024-10-16T14:55:50.101049Z",
"version": "2.0.3"
},
"type": "ssvc"
}
}
],
"providerMetadata": {
"dateUpdated": "2024-10-16T14:57:41.020Z",
"orgId": "134c704f-9b21-4f2e-91b3-4a467353bcc0",
"shortName": "CISA-ADP"
},
"title": "CISA ADP Vulnrichment"
}
],
"cna": {
"affected": [
{
"defaultStatus": "unaffected",
"product": "Apache CloudStack",
"vendor": "Apache Software Foundation",
"versions": [
{
"lessThanOrEqual": "4.18.2.3",
"status": "affected",
"version": "4.15.1.0",
"versionType": "semver"
},
{
"lessThanOrEqual": "4.19.1.1",
"status": "affected",
"version": "4.19.0.0",
"versionType": "semver"
}
]
}
],
"credits": [
{
"lang": "en",
"type": "reporter",
"value": "Arthur Souza"
},
{
"lang": "en",
"type": "reporter",
"value": "Felipe Olivaes"
}
],
"descriptions": [
{
"lang": "en",
"supportingMedia": [
{
"base64": false,
"type": "text/html",
"value": "\u003cp\u003eUsers logged into the Apache CloudStack\u0027s web interface can be tricked to submit malicious CSRF requests due to missing validation of the origin of the requests. This can allow an attacker to gain privileges and access to resources of the authenticated users and may lead\u003cspan style=\"background-color: rgb(255, 255, 255);\"\u003e\u0026nbsp;to account takeover,\u0026nbsp;\u003c/span\u003edisruption, exposure of sensitive data and compromise integrity of the resources owned by the user account that are managed by the platform.\u003c/p\u003e\u003cp\u003eThis issue affects Apache CloudStack from 4.15.1.0 through 4.18.2.3 and 4.19.0.0 through 4.19.1.1\u003c/p\u003e\u003cp\u003e\u003c/p\u003e\u003cdiv\u003e\u003cspan style=\"background-color: rgb(252, 252, 252);\"\u003eUsers are recommended to upgrade to Apache CloudStack 4.18.2.4 or 4.19.1.2, or later, which addresses this issue.\u003c/span\u003e\u003cbr\u003e\u003c/div\u003e\u003cdiv\u003e\u003cdiv\u003e\u003cdiv\u003e\u003cdiv\u003e\u003c/div\u003e\u003c/div\u003e\u003c/div\u003e\u003c/div\u003e\u003cdiv\u003e\u003c/div\u003e\u003cp\u003e\u003c/p\u003e"
}
],
"value": "Users logged into the Apache CloudStack\u0027s web interface can be tricked to submit malicious CSRF requests due to missing validation of the origin of the requests. This can allow an attacker to gain privileges and access to resources of the authenticated users and may lead\u00a0to account takeover,\u00a0disruption, exposure of sensitive data and compromise integrity of the resources owned by the user account that are managed by the platform.\n\nThis issue affects Apache CloudStack from 4.15.1.0 through 4.18.2.3 and 4.19.0.0 through 4.19.1.1\n\n\n\nUsers are recommended to upgrade to Apache CloudStack 4.18.2.4 or 4.19.1.2, or later, which addresses this issue."
}
],
"metrics": [
{
"other": {
"content": {
"text": "important"
},
"type": "Textual description of severity"
}
},
{
"cvssV3_1": {
"attackComplexity": "HIGH",
"attackVector": "NETWORK",
"availabilityImpact": "NONE",
"baseScore": 8,
"baseSeverity": "HIGH",
"confidentialityImpact": "HIGH",
"integrityImpact": "HIGH",
"privilegesRequired": "NONE",
"scope": "CHANGED",
"userInteraction": "REQUIRED",
"vectorString": "CVSS:3.1/AV:N/AC:H/PR:N/UI:R/S:C/C:H/I:H/A:N",
"version": "3.1"
},
"format": "CVSS",
"scenarios": [
{
"lang": "en",
"value": "GENERAL"
}
]
}
],
"problemTypes": [
{
"descriptions": [
{
"cweId": "CWE-352",
"description": "CWE-352 Cross-Site Request Forgery (CSRF)",
"lang": "en",
"type": "CWE"
}
]
}
],
"providerMetadata": {
"dateUpdated": "2024-10-16T07:52:25.816Z",
"orgId": "f0158376-9dc2-43b6-827c-5f631a4d8d09",
"shortName": "apache"
},
"references": [
{
"tags": [
"vendor-advisory",
"patch"
],
"url": "https://cloudstack.apache.org/blog/security-release-advisory-4.18.2.4-4.19.1.2"
},
{
"tags": [
"mailing-list"
],
"url": "https://lists.apache.org/thread/ktsfjcnj22x4kg49ctock3d9tq7jnvlo"
},
{
"tags": [
"third-party-advisory"
],
"url": "https://cloudstack.apache.org/blog/security-release-advisory-4.18.2.4-4.19.1.2"
}
],
"source": {
"discovery": "UNKNOWN"
},
"title": "Apache CloudStack: Request origin validation bypass makes account takeover possible",
"x_generator": {
"engine": "Vulnogram 0.1.0-dev"
}
}
},
"cveMetadata": {
"assignerOrgId": "f0158376-9dc2-43b6-827c-5f631a4d8d09",
"assignerShortName": "apache",
"cveId": "CVE-2024-45693",
"datePublished": "2024-10-16T07:52:25.816Z",
"dateReserved": "2024-09-05T00:23:11.078Z",
"dateUpdated": "2024-10-16T14:57:41.020Z",
"state": "PUBLISHED"
},
"dataType": "CVE_RECORD",
"dataVersion": "5.1"
}
CVE-2014-0031 (GCVE-0-2014-0031)
Vulnerability from cvelistv5
Published
2014-01-14 18:00
Modified
2024-08-06 08:58
Severity ?
VLAI Severity ?
EPSS score ?
CWE
- n/a
Summary
The (1) ListNetworkACL and (2) listNetworkACLLists APIs in Apache CloudStack before 4.2.1 allow remote authenticated users to list network ACLS for other users via a crafted request.
References
| ▼ | URL | Tags |
|---|---|---|
| http://secunia.com/advisories/55960 | third-party-advisory, x_refsource_SECUNIA | |
| https://blogs.apache.org/cloudstack/entry/cve_2014_0031_cloudstack_listnetworkacl | x_refsource_CONFIRM | |
| https://issues.apache.org/jira/browse/CLOUDSTACK-5145 | x_refsource_CONFIRM |
{
"containers": {
"adp": [
{
"providerMetadata": {
"dateUpdated": "2024-08-06T08:58:26.568Z",
"orgId": "af854a3a-2127-422b-91ae-364da2661108",
"shortName": "CVE"
},
"references": [
{
"name": "55960",
"tags": [
"third-party-advisory",
"x_refsource_SECUNIA",
"x_transferred"
],
"url": "http://secunia.com/advisories/55960"
},
{
"tags": [
"x_refsource_CONFIRM",
"x_transferred"
],
"url": "https://blogs.apache.org/cloudstack/entry/cve_2014_0031_cloudstack_listnetworkacl"
},
{
"tags": [
"x_refsource_CONFIRM",
"x_transferred"
],
"url": "https://issues.apache.org/jira/browse/CLOUDSTACK-5145"
}
],
"title": "CVE Program Container"
}
],
"cna": {
"affected": [
{
"product": "n/a",
"vendor": "n/a",
"versions": [
{
"status": "affected",
"version": "n/a"
}
]
}
],
"datePublic": "2014-01-13T00:00:00",
"descriptions": [
{
"lang": "en",
"value": "The (1) ListNetworkACL and (2) listNetworkACLLists APIs in Apache CloudStack before 4.2.1 allow remote authenticated users to list network ACLS for other users via a crafted request."
}
],
"problemTypes": [
{
"descriptions": [
{
"description": "n/a",
"lang": "en",
"type": "text"
}
]
}
],
"providerMetadata": {
"dateUpdated": "2014-01-14T17:57:00",
"orgId": "53f830b8-0a3f-465b-8143-3b8a9948e749",
"shortName": "redhat"
},
"references": [
{
"name": "55960",
"tags": [
"third-party-advisory",
"x_refsource_SECUNIA"
],
"url": "http://secunia.com/advisories/55960"
},
{
"tags": [
"x_refsource_CONFIRM"
],
"url": "https://blogs.apache.org/cloudstack/entry/cve_2014_0031_cloudstack_listnetworkacl"
},
{
"tags": [
"x_refsource_CONFIRM"
],
"url": "https://issues.apache.org/jira/browse/CLOUDSTACK-5145"
}
],
"x_legacyV4Record": {
"CVE_data_meta": {
"ASSIGNER": "secalert@redhat.com",
"ID": "CVE-2014-0031",
"STATE": "PUBLIC"
},
"affects": {
"vendor": {
"vendor_data": [
{
"product": {
"product_data": [
{
"product_name": "n/a",
"version": {
"version_data": [
{
"version_value": "n/a"
}
]
}
}
]
},
"vendor_name": "n/a"
}
]
}
},
"data_format": "MITRE",
"data_type": "CVE",
"data_version": "4.0",
"description": {
"description_data": [
{
"lang": "eng",
"value": "The (1) ListNetworkACL and (2) listNetworkACLLists APIs in Apache CloudStack before 4.2.1 allow remote authenticated users to list network ACLS for other users via a crafted request."
}
]
},
"problemtype": {
"problemtype_data": [
{
"description": [
{
"lang": "eng",
"value": "n/a"
}
]
}
]
},
"references": {
"reference_data": [
{
"name": "55960",
"refsource": "SECUNIA",
"url": "http://secunia.com/advisories/55960"
},
{
"name": "https://blogs.apache.org/cloudstack/entry/cve_2014_0031_cloudstack_listnetworkacl",
"refsource": "CONFIRM",
"url": "https://blogs.apache.org/cloudstack/entry/cve_2014_0031_cloudstack_listnetworkacl"
},
{
"name": "https://issues.apache.org/jira/browse/CLOUDSTACK-5145",
"refsource": "CONFIRM",
"url": "https://issues.apache.org/jira/browse/CLOUDSTACK-5145"
}
]
}
}
}
},
"cveMetadata": {
"assignerOrgId": "53f830b8-0a3f-465b-8143-3b8a9948e749",
"assignerShortName": "redhat",
"cveId": "CVE-2014-0031",
"datePublished": "2014-01-14T18:00:00",
"dateReserved": "2013-12-03T00:00:00",
"dateUpdated": "2024-08-06T08:58:26.568Z",
"state": "PUBLISHED"
},
"dataType": "CVE_RECORD",
"dataVersion": "5.1"
}
CVE-2019-17562 (GCVE-0-2019-17562)
Vulnerability from cvelistv5
Published
2020-05-14 16:14
Modified
2024-08-05 01:40
Severity ?
VLAI Severity ?
EPSS score ?
CWE
- buffer overflow exploit
Summary
A buffer overflow vulnerability has been found in the baremetal component of Apache CloudStack. This applies to all versions prior to 4.13.1. The vulnerability is due to the lack of validation of the mac parameter in baremetal virtual router. If you insert an arbitrary shell command into the mac parameter, v-router will process the command. For example: Normal: http://{GW}:10086/baremetal/provisiondone/{mac}, Abnormal: http://{GW}:10086/baremetal/provisiondone/#';whoami;#. Mitigation of this issue is an upgrade to Apache CloudStack 4.13.1.0 or beyond.
References
Impacted products
| Vendor | Product | Version | ||
|---|---|---|---|---|
| n/a | Apache CloudStack |
Version: Apache CloudStack all versions up to 4.13.0.0 |
{
"containers": {
"adp": [
{
"providerMetadata": {
"dateUpdated": "2024-08-05T01:40:15.938Z",
"orgId": "af854a3a-2127-422b-91ae-364da2661108",
"shortName": "CVE"
},
"references": [
{
"tags": [
"x_refsource_MISC",
"x_transferred"
],
"url": "https://lists.apache.org/thread.html/rcbaafc6ae1f32e8f1e5987c243a26faf83c5172348ee7c17a54ea7f9%40%3Cusers.cloudstack.apache.org%3E"
}
],
"title": "CVE Program Container"
}
],
"cna": {
"affected": [
{
"product": "Apache CloudStack",
"vendor": "n/a",
"versions": [
{
"status": "affected",
"version": "Apache CloudStack all versions up to 4.13.0.0"
}
]
}
],
"descriptions": [
{
"lang": "en",
"value": "A buffer overflow vulnerability has been found in the baremetal component of Apache CloudStack. This applies to all versions prior to 4.13.1. The vulnerability is due to the lack of validation of the mac parameter in baremetal virtual router. If you insert an arbitrary shell command into the mac parameter, v-router will process the command. For example: Normal: http://{GW}:10086/baremetal/provisiondone/{mac}, Abnormal: http://{GW}:10086/baremetal/provisiondone/#\u0027;whoami;#. Mitigation of this issue is an upgrade to Apache CloudStack 4.13.1.0 or beyond."
}
],
"problemTypes": [
{
"descriptions": [
{
"description": "buffer overflow exploit",
"lang": "en",
"type": "text"
}
]
}
],
"providerMetadata": {
"dateUpdated": "2020-05-14T16:14:55",
"orgId": "f0158376-9dc2-43b6-827c-5f631a4d8d09",
"shortName": "apache"
},
"references": [
{
"tags": [
"x_refsource_MISC"
],
"url": "https://lists.apache.org/thread.html/rcbaafc6ae1f32e8f1e5987c243a26faf83c5172348ee7c17a54ea7f9%40%3Cusers.cloudstack.apache.org%3E"
}
],
"x_legacyV4Record": {
"CVE_data_meta": {
"ASSIGNER": "security@apache.org",
"ID": "CVE-2019-17562",
"STATE": "PUBLIC"
},
"affects": {
"vendor": {
"vendor_data": [
{
"product": {
"product_data": [
{
"product_name": "Apache CloudStack",
"version": {
"version_data": [
{
"version_value": "Apache CloudStack all versions up to 4.13.0.0"
}
]
}
}
]
},
"vendor_name": "n/a"
}
]
}
},
"data_format": "MITRE",
"data_type": "CVE",
"data_version": "4.0",
"description": {
"description_data": [
{
"lang": "eng",
"value": "A buffer overflow vulnerability has been found in the baremetal component of Apache CloudStack. This applies to all versions prior to 4.13.1. The vulnerability is due to the lack of validation of the mac parameter in baremetal virtual router. If you insert an arbitrary shell command into the mac parameter, v-router will process the command. For example: Normal: http://{GW}:10086/baremetal/provisiondone/{mac}, Abnormal: http://{GW}:10086/baremetal/provisiondone/#\u0027;whoami;#. Mitigation of this issue is an upgrade to Apache CloudStack 4.13.1.0 or beyond."
}
]
},
"problemtype": {
"problemtype_data": [
{
"description": [
{
"lang": "eng",
"value": "buffer overflow exploit"
}
]
}
]
},
"references": {
"reference_data": [
{
"name": "https://lists.apache.org/thread.html/rcbaafc6ae1f32e8f1e5987c243a26faf83c5172348ee7c17a54ea7f9%40%3Cusers.cloudstack.apache.org%3E",
"refsource": "MISC",
"url": "https://lists.apache.org/thread.html/rcbaafc6ae1f32e8f1e5987c243a26faf83c5172348ee7c17a54ea7f9%40%3Cusers.cloudstack.apache.org%3E"
}
]
}
}
}
},
"cveMetadata": {
"assignerOrgId": "f0158376-9dc2-43b6-827c-5f631a4d8d09",
"assignerShortName": "apache",
"cveId": "CVE-2019-17562",
"datePublished": "2020-05-14T16:14:55",
"dateReserved": "2019-10-14T00:00:00",
"dateUpdated": "2024-08-05T01:40:15.938Z",
"state": "PUBLISHED"
},
"dataType": "CVE_RECORD",
"dataVersion": "5.1"
}
CVE-2024-29008 (GCVE-0-2024-29008)
Vulnerability from cvelistv5
Published
2024-04-04 07:51
Modified
2024-08-29 20:31
Severity ?
VLAI Severity ?
EPSS score ?
CWE
- CWE-20 - Improper Input Validation
Summary
A problem has been identified in the CloudStack additional VM configuration (extraconfig) feature which can be misused by anyone who has privilege to deploy a VM instance or configure settings of an already deployed VM instance, to configure additional VM configuration even when the feature is not explicitly enabled by the administrator. In a KVM based CloudStack environment, an attacker can exploit this issue to attach host devices such as storage disks, and PCI and USB devices such as network adapters and GPUs, in a regular VM instance that can be further exploited to gain access to the underlying network and storage infrastructure resources, and access any VM instance disks on the local storage.
Users are advised to upgrade to version 4.18.1.1 or 4.19.0.1, which fixes this issue.
References
| ▼ | URL | Tags |
|---|---|---|
| https://lists.apache.org/thread/82f46pv7mvh95ybto5hn8wlo6g8jhjvp | vendor-advisory |
Impacted products
| Vendor | Product | Version | ||
|---|---|---|---|---|
| Apache Software Foundation | Apache CloudStack |
Version: 4.14.0.0 ≤ 4.18.1.0 Version: 4.19.0.0 |
{
"containers": {
"adp": [
{
"providerMetadata": {
"dateUpdated": "2024-08-02T01:03:51.645Z",
"orgId": "af854a3a-2127-422b-91ae-364da2661108",
"shortName": "CVE"
},
"references": [
{
"tags": [
"vendor-advisory",
"x_transferred"
],
"url": "https://lists.apache.org/thread/82f46pv7mvh95ybto5hn8wlo6g8jhjvp"
}
],
"title": "CVE Program Container"
},
{
"affected": [
{
"cpes": [
"cpe:2.3:a:apache:cloudstack:*:*:*:*:*:*:*:*"
],
"defaultStatus": "unaffected",
"product": "cloudstack",
"vendor": "apache",
"versions": [
{
"lessThanOrEqual": "4.18.1.0",
"status": "affected",
"version": "4.14.0.0",
"versionType": "semver"
},
{
"status": "affected",
"version": "4.19.0.0"
}
]
}
],
"metrics": [
{
"cvssV3_1": {
"attackComplexity": "LOW",
"attackVector": "NETWORK",
"availabilityImpact": "LOW",
"baseScore": 6.4,
"baseSeverity": "MEDIUM",
"confidentialityImpact": "LOW",
"integrityImpact": "NONE",
"privilegesRequired": "LOW",
"scope": "CHANGED",
"userInteraction": "NONE",
"vectorString": "CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:C/C:L/I:N/A:L",
"version": "3.1"
}
},
{
"other": {
"content": {
"id": "CVE-2024-29008",
"options": [
{
"Exploitation": "none"
},
{
"Automatable": "no"
},
{
"Technical Impact": "partial"
}
],
"role": "CISA Coordinator",
"timestamp": "2024-08-29T15:56:09.910808Z",
"version": "2.0.3"
},
"type": "ssvc"
}
}
],
"providerMetadata": {
"dateUpdated": "2024-08-29T20:31:23.220Z",
"orgId": "134c704f-9b21-4f2e-91b3-4a467353bcc0",
"shortName": "CISA-ADP"
},
"title": "CISA ADP Vulnrichment"
}
],
"cna": {
"affected": [
{
"defaultStatus": "unaffected",
"product": "Apache CloudStack",
"vendor": "Apache Software Foundation",
"versions": [
{
"lessThanOrEqual": "4.18.1.0",
"status": "affected",
"version": "4.14.0.0",
"versionType": "semver"
},
{
"status": "affected",
"version": "4.19.0.0"
}
]
}
],
"credits": [
{
"lang": "en",
"type": "finder",
"value": "Wei Zhou \u003custcweizhou@gmail.com\u003e"
}
],
"descriptions": [
{
"lang": "en",
"supportingMedia": [
{
"base64": false,
"type": "text/html",
"value": "\u003cdiv\u003eA problem has been identified in the CloudStack additional VM configuration (extraconfig) feature which can be misused by anyone who has privilege to deploy a VM instance or configure settings of an already deployed VM instance, to configure additional VM configuration even when the feature is not explicitly enabled by the administrator. In a KVM based CloudStack environment, an attacker can exploit this issue to\u0026nbsp;attach host devices such as storage disks, and PCI and USB devices such as network adapters and GPUs, in a regular VM instance that can be further exploited to gain access to the underlying network and storage infrastructure resources, and access any VM instance disks on the local storage.\u003c/div\u003e\u003cbr\u003e\u003cdiv\u003eUsers are advised to upgrade to version 4.18.1.1 or 4.19.0.1, which fixes this issue.\u003cbr\u003e\u003c/div\u003e"
}
],
"value": "A problem has been identified in the CloudStack additional VM configuration (extraconfig) feature which can be misused by anyone who has privilege to deploy a VM instance or configure settings of an already deployed VM instance, to configure additional VM configuration even when the feature is not explicitly enabled by the administrator. In a KVM based CloudStack environment, an attacker can exploit this issue to\u00a0attach host devices such as storage disks, and PCI and USB devices such as network adapters and GPUs, in a regular VM instance that can be further exploited to gain access to the underlying network and storage infrastructure resources, and access any VM instance disks on the local storage.\n\nUsers are advised to upgrade to version 4.18.1.1 or 4.19.0.1, which fixes this issue.\n\n"
}
],
"metrics": [
{
"other": {
"content": {
"text": "critical"
},
"type": "Textual description of severity"
}
}
],
"problemTypes": [
{
"descriptions": [
{
"cweId": "CWE-20",
"description": "CWE-20 Improper Input Validation",
"lang": "en",
"type": "CWE"
}
]
}
],
"providerMetadata": {
"dateUpdated": "2024-04-04T07:51:05.423Z",
"orgId": "f0158376-9dc2-43b6-827c-5f631a4d8d09",
"shortName": "apache"
},
"references": [
{
"tags": [
"vendor-advisory"
],
"url": "https://lists.apache.org/thread/82f46pv7mvh95ybto5hn8wlo6g8jhjvp"
}
],
"source": {
"discovery": "INTERNAL"
},
"title": "Apache CloudStack: The extraconfig feature can be abused to load hypervisor resources on a VM instance",
"x_generator": {
"engine": "Vulnogram 0.1.0-dev"
}
}
},
"cveMetadata": {
"assignerOrgId": "f0158376-9dc2-43b6-827c-5f631a4d8d09",
"assignerShortName": "apache",
"cveId": "CVE-2024-29008",
"datePublished": "2024-04-04T07:51:05.423Z",
"dateReserved": "2024-03-13T23:02:19.432Z",
"dateUpdated": "2024-08-29T20:31:23.220Z",
"state": "PUBLISHED"
},
"dataType": "CVE_RECORD",
"dataVersion": "5.1"
}
CVE-2014-7807 (GCVE-0-2014-7807)
Vulnerability from cvelistv5
Published
2014-12-10 15:00
Modified
2024-08-06 13:03
Severity ?
VLAI Severity ?
EPSS score ?
CWE
- n/a
Summary
Apache CloudStack 4.3.x before 4.3.2 and 4.4.x before 4.4.2 allows remote attackers to bypass authentication via a login request without a password, which triggers an unauthenticated bind.
References
| ▼ | URL | Tags |
|---|---|---|
| http://support.citrix.com/article/CTX200285 | x_refsource_CONFIRM | |
| http://www.securityfocus.com/archive/1/534176/100/0/threaded | mailing-list, x_refsource_BUGTRAQ |
{
"containers": {
"adp": [
{
"providerMetadata": {
"dateUpdated": "2024-08-06T13:03:27.269Z",
"orgId": "af854a3a-2127-422b-91ae-364da2661108",
"shortName": "CVE"
},
"references": [
{
"tags": [
"x_refsource_CONFIRM",
"x_transferred"
],
"url": "http://support.citrix.com/article/CTX200285"
},
{
"name": "20141208 [CVE-2014-7807] Apache CloudStack unauthenticated LDAP binds",
"tags": [
"mailing-list",
"x_refsource_BUGTRAQ",
"x_transferred"
],
"url": "http://www.securityfocus.com/archive/1/534176/100/0/threaded"
}
],
"title": "CVE Program Container"
}
],
"cna": {
"affected": [
{
"product": "n/a",
"vendor": "n/a",
"versions": [
{
"status": "affected",
"version": "n/a"
}
]
}
],
"datePublic": "2014-12-08T00:00:00",
"descriptions": [
{
"lang": "en",
"value": "Apache CloudStack 4.3.x before 4.3.2 and 4.4.x before 4.4.2 allows remote attackers to bypass authentication via a login request without a password, which triggers an unauthenticated bind."
}
],
"problemTypes": [
{
"descriptions": [
{
"description": "n/a",
"lang": "en",
"type": "text"
}
]
}
],
"providerMetadata": {
"dateUpdated": "2018-10-09T18:57:01",
"orgId": "53f830b8-0a3f-465b-8143-3b8a9948e749",
"shortName": "redhat"
},
"references": [
{
"tags": [
"x_refsource_CONFIRM"
],
"url": "http://support.citrix.com/article/CTX200285"
},
{
"name": "20141208 [CVE-2014-7807] Apache CloudStack unauthenticated LDAP binds",
"tags": [
"mailing-list",
"x_refsource_BUGTRAQ"
],
"url": "http://www.securityfocus.com/archive/1/534176/100/0/threaded"
}
],
"x_legacyV4Record": {
"CVE_data_meta": {
"ASSIGNER": "secalert@redhat.com",
"ID": "CVE-2014-7807",
"STATE": "PUBLIC"
},
"affects": {
"vendor": {
"vendor_data": [
{
"product": {
"product_data": [
{
"product_name": "n/a",
"version": {
"version_data": [
{
"version_value": "n/a"
}
]
}
}
]
},
"vendor_name": "n/a"
}
]
}
},
"data_format": "MITRE",
"data_type": "CVE",
"data_version": "4.0",
"description": {
"description_data": [
{
"lang": "eng",
"value": "Apache CloudStack 4.3.x before 4.3.2 and 4.4.x before 4.4.2 allows remote attackers to bypass authentication via a login request without a password, which triggers an unauthenticated bind."
}
]
},
"problemtype": {
"problemtype_data": [
{
"description": [
{
"lang": "eng",
"value": "n/a"
}
]
}
]
},
"references": {
"reference_data": [
{
"name": "http://support.citrix.com/article/CTX200285",
"refsource": "CONFIRM",
"url": "http://support.citrix.com/article/CTX200285"
},
{
"name": "20141208 [CVE-2014-7807] Apache CloudStack unauthenticated LDAP binds",
"refsource": "BUGTRAQ",
"url": "http://www.securityfocus.com/archive/1/534176/100/0/threaded"
}
]
}
}
}
},
"cveMetadata": {
"assignerOrgId": "53f830b8-0a3f-465b-8143-3b8a9948e749",
"assignerShortName": "redhat",
"cveId": "CVE-2014-7807",
"datePublished": "2014-12-10T15:00:00",
"dateReserved": "2014-10-03T00:00:00",
"dateUpdated": "2024-08-06T13:03:27.269Z",
"state": "PUBLISHED"
},
"dataType": "CVE_RECORD",
"dataVersion": "5.1"
}
CVE-2022-35741 (GCVE-0-2022-35741)
Vulnerability from cvelistv5
Published
2022-07-18 14:30
Modified
2024-08-03 09:44
Severity ?
VLAI Severity ?
EPSS score ?
CWE
- XML external entity injection
Summary
Apache CloudStack version 4.5.0 and later has a SAML 2.0 authentication Service Provider plugin which is found to be vulnerable to XML external entity (XXE) injection. This plugin is not enabled by default and the attacker would require that this plugin be enabled to exploit the vulnerability. When the SAML 2.0 plugin is enabled in affected versions of Apache CloudStack could potentially allow the exploitation of XXE vulnerabilities. The SAML 2.0 messages constructed during the authentication flow in Apache CloudStack are XML-based and the XML data is parsed by various standard libraries that are now understood to be vulnerable to XXE injection attacks such as arbitrary file reading, possible denial of service, server-side request forgery (SSRF) on the CloudStack management server.
References
| ▼ | URL | Tags |
|---|---|---|
| https://lists.apache.org/thread/hwhxvtwp1d5dsm156bsf1cnyvtmrfv3f | x_refsource_MISC | |
| http://www.openwall.com/lists/oss-security/2022/07/18/2 | mailing-list, x_refsource_MLIST | |
| http://www.openwall.com/lists/oss-security/2022/07/20/1 | mailing-list, x_refsource_MLIST |
Impacted products
| Vendor | Product | Version | ||
|---|---|---|---|---|
| Apache Software Foundation | Apache CloudStack |
Version: 4.5.0 < Apache CloudStack* |
{
"containers": {
"adp": [
{
"providerMetadata": {
"dateUpdated": "2024-08-03T09:44:21.691Z",
"orgId": "af854a3a-2127-422b-91ae-364da2661108",
"shortName": "CVE"
},
"references": [
{
"tags": [
"x_refsource_MISC",
"x_transferred"
],
"url": "https://lists.apache.org/thread/hwhxvtwp1d5dsm156bsf1cnyvtmrfv3f"
},
{
"name": "[oss-security] 20220718 [ADVISORY] Apache CloudStack SAML Single Sign-On XXE (CVE-2022-35741)",
"tags": [
"mailing-list",
"x_refsource_MLIST",
"x_transferred"
],
"url": "http://www.openwall.com/lists/oss-security/2022/07/18/2"
},
{
"name": "[oss-security] 20220720 Re: [ADVISORY] Apache CloudStack SAML Single Sign-On XXE (CVE-2022-35741)",
"tags": [
"mailing-list",
"x_refsource_MLIST",
"x_transferred"
],
"url": "http://www.openwall.com/lists/oss-security/2022/07/20/1"
}
],
"title": "CVE Program Container"
}
],
"cna": {
"affected": [
{
"product": "Apache CloudStack",
"vendor": "Apache Software Foundation",
"versions": [
{
"lessThan": "Apache CloudStack*",
"status": "affected",
"version": "4.5.0",
"versionType": "custom"
}
]
}
],
"credits": [
{
"lang": "en",
"value": "This issue was reported by v3ged0ge"
}
],
"descriptions": [
{
"lang": "en",
"value": "Apache CloudStack version 4.5.0 and later has a SAML 2.0 authentication Service Provider plugin which is found to be vulnerable to XML external entity (XXE) injection. This plugin is not enabled by default and the attacker would require that this plugin be enabled to exploit the vulnerability. When the SAML 2.0 plugin is enabled in affected versions of Apache CloudStack could potentially allow the exploitation of XXE vulnerabilities. The SAML 2.0 messages constructed during the authentication flow in Apache CloudStack are XML-based and the XML data is parsed by various standard libraries that are now understood to be vulnerable to XXE injection attacks such as arbitrary file reading, possible denial of service, server-side request forgery (SSRF) on the CloudStack management server."
}
],
"problemTypes": [
{
"descriptions": [
{
"description": "XML external entity injection",
"lang": "en",
"type": "text"
}
]
}
],
"providerMetadata": {
"dateUpdated": "2022-07-20T08:06:07",
"orgId": "f0158376-9dc2-43b6-827c-5f631a4d8d09",
"shortName": "apache"
},
"references": [
{
"tags": [
"x_refsource_MISC"
],
"url": "https://lists.apache.org/thread/hwhxvtwp1d5dsm156bsf1cnyvtmrfv3f"
},
{
"name": "[oss-security] 20220718 [ADVISORY] Apache CloudStack SAML Single Sign-On XXE (CVE-2022-35741)",
"tags": [
"mailing-list",
"x_refsource_MLIST"
],
"url": "http://www.openwall.com/lists/oss-security/2022/07/18/2"
},
{
"name": "[oss-security] 20220720 Re: [ADVISORY] Apache CloudStack SAML Single Sign-On XXE (CVE-2022-35741)",
"tags": [
"mailing-list",
"x_refsource_MLIST"
],
"url": "http://www.openwall.com/lists/oss-security/2022/07/20/1"
}
],
"source": {
"discovery": "UNKNOWN"
},
"title": "Apache CloudStack SAML Single Sign-On XXE",
"workarounds": [
{
"lang": "en",
"value": "To mitigate the risk, a CloudStack admin can do any of the following:\n\n1. Disable SAML 2.0 plugin by setting the global setting saml2.enabled to false and restart the management servers.\n2. Upgrade to Apache CloudStack 4.16.1.1 or 4.17.0.1 or higher."
}
],
"x_generator": {
"engine": "Vulnogram 0.0.9"
},
"x_legacyV4Record": {
"CVE_data_meta": {
"ASSIGNER": "security@apache.org",
"ID": "CVE-2022-35741",
"STATE": "PUBLIC",
"TITLE": "Apache CloudStack SAML Single Sign-On XXE"
},
"affects": {
"vendor": {
"vendor_data": [
{
"product": {
"product_data": [
{
"product_name": "Apache CloudStack",
"version": {
"version_data": [
{
"version_affected": "\u003e=",
"version_name": "Apache CloudStack",
"version_value": "4.5.0"
}
]
}
}
]
},
"vendor_name": "Apache Software Foundation"
}
]
}
},
"credit": [
{
"lang": "eng",
"value": "This issue was reported by v3ged0ge"
}
],
"data_format": "MITRE",
"data_type": "CVE",
"data_version": "4.0",
"description": {
"description_data": [
{
"lang": "eng",
"value": "Apache CloudStack version 4.5.0 and later has a SAML 2.0 authentication Service Provider plugin which is found to be vulnerable to XML external entity (XXE) injection. This plugin is not enabled by default and the attacker would require that this plugin be enabled to exploit the vulnerability. When the SAML 2.0 plugin is enabled in affected versions of Apache CloudStack could potentially allow the exploitation of XXE vulnerabilities. The SAML 2.0 messages constructed during the authentication flow in Apache CloudStack are XML-based and the XML data is parsed by various standard libraries that are now understood to be vulnerable to XXE injection attacks such as arbitrary file reading, possible denial of service, server-side request forgery (SSRF) on the CloudStack management server."
}
]
},
"generator": {
"engine": "Vulnogram 0.0.9"
},
"impact": [
{}
],
"problemtype": {
"problemtype_data": [
{
"description": [
{
"lang": "eng",
"value": "XML external entity injection"
}
]
}
]
},
"references": {
"reference_data": [
{
"name": "https://lists.apache.org/thread/hwhxvtwp1d5dsm156bsf1cnyvtmrfv3f",
"refsource": "MISC",
"url": "https://lists.apache.org/thread/hwhxvtwp1d5dsm156bsf1cnyvtmrfv3f"
},
{
"name": "[oss-security] 20220718 [ADVISORY] Apache CloudStack SAML Single Sign-On XXE (CVE-2022-35741)",
"refsource": "MLIST",
"url": "http://www.openwall.com/lists/oss-security/2022/07/18/2"
},
{
"name": "[oss-security] 20220720 Re: [ADVISORY] Apache CloudStack SAML Single Sign-On XXE (CVE-2022-35741)",
"refsource": "MLIST",
"url": "http://www.openwall.com/lists/oss-security/2022/07/20/1"
}
]
},
"source": {
"discovery": "UNKNOWN"
},
"work_around": [
{
"lang": "en",
"value": "To mitigate the risk, a CloudStack admin can do any of the following:\n\n1. Disable SAML 2.0 plugin by setting the global setting saml2.enabled to false and restart the management servers.\n2. Upgrade to Apache CloudStack 4.16.1.1 or 4.17.0.1 or higher."
}
]
}
}
},
"cveMetadata": {
"assignerOrgId": "f0158376-9dc2-43b6-827c-5f631a4d8d09",
"assignerShortName": "apache",
"cveId": "CVE-2022-35741",
"datePublished": "2022-07-18T14:30:14",
"dateReserved": "2022-07-13T00:00:00",
"dateUpdated": "2024-08-03T09:44:21.691Z",
"state": "PUBLISHED"
},
"dataType": "CVE_RECORD",
"dataVersion": "5.1"
}
CVE-2024-42222 (GCVE-0-2024-42222)
Vulnerability from cvelistv5
Published
2024-08-07 07:16
Modified
2025-03-14 15:57
Severity ?
VLAI Severity ?
EPSS score ?
CWE
- CWE-200 - Exposure of Sensitive Information to an Unauthorized Actor
Summary
In Apache CloudStack 4.19.1.0, a regression in the network listing API allows unauthorised list access of network details for domain admin and normal user accounts. This vulnerability compromises tenant isolation, potentially leading to unauthorised access to network details, configurations and data.
Affected users are advised to upgrade to version 4.19.1.1 to address this issue. Users on older versions of CloudStack considering to upgrade, can skip 4.19.1.0 and upgrade directly to 4.19.1.1.
References
| ▼ | URL | Tags |
|---|---|---|
| https://github.com/apache/cloudstack/issues/9456 | issue-tracking | |
| https://cloudstack.apache.org/blog/security-release-advisory-4.19.1.1-4.18.2.3 | vendor-advisory, patch | |
| https://lists.apache.org/thread/lxqtfd6407prbw3801hb4fz3ot3t8wlj | mailing-list | |
| https://www.shapeblue.com/shapeblue-security-advisory-apache-cloudstack-security-releases-4-18-2-3-and-4-19-1-1/ | third-party-advisory |
Impacted products
| Vendor | Product | Version | ||
|---|---|---|---|---|
| Apache Software Foundation | Apache CloudStack |
Version: 4.19.1.0 |
{
"containers": {
"adp": [
{
"providerMetadata": {
"dateUpdated": "2024-08-07T08:03:19.466Z",
"orgId": "af854a3a-2127-422b-91ae-364da2661108",
"shortName": "CVE"
},
"references": [
{
"url": "http://www.openwall.com/lists/oss-security/2024/08/06/6"
}
],
"title": "CVE Program Container"
},
{
"metrics": [
{
"cvssV3_1": {
"attackComplexity": "LOW",
"attackVector": "NETWORK",
"availabilityImpact": "NONE",
"baseScore": 4.3,
"baseSeverity": "MEDIUM",
"confidentialityImpact": "LOW",
"integrityImpact": "NONE",
"privilegesRequired": "LOW",
"scope": "UNCHANGED",
"userInteraction": "NONE",
"vectorString": "CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:L/I:N/A:N",
"version": "3.1"
}
},
{
"other": {
"content": {
"id": "CVE-2024-42222",
"options": [
{
"Exploitation": "none"
},
{
"Automatable": "no"
},
{
"Technical Impact": "partial"
}
],
"role": "CISA Coordinator",
"timestamp": "2024-08-07T14:57:20.655680Z",
"version": "2.0.3"
},
"type": "ssvc"
}
}
],
"providerMetadata": {
"dateUpdated": "2025-03-14T15:57:32.158Z",
"orgId": "134c704f-9b21-4f2e-91b3-4a467353bcc0",
"shortName": "CISA-ADP"
},
"title": "CISA ADP Vulnrichment"
}
],
"cna": {
"affected": [
{
"defaultStatus": "unaffected",
"product": "Apache CloudStack",
"vendor": "Apache Software Foundation",
"versions": [
{
"status": "affected",
"version": "4.19.1.0"
}
]
}
],
"credits": [
{
"lang": "en",
"type": "finder",
"value": "Christian Gross of Netcloud AG"
},
{
"lang": "en",
"type": "finder",
"value": "Midhun Jose"
}
],
"descriptions": [
{
"lang": "en",
"supportingMedia": [
{
"base64": false,
"type": "text/html",
"value": "\u003cdiv\u003eIn Apache CloudStack 4.19.1.0, a regression in the network listing API allows unauthorised list access of network details for domain admin and normal user accounts. This vulnerability compromises tenant isolation, potentially leading to unauthorised access to network details, configurations and data.\u003cbr\u003e\u003cbr\u003eAffected users are advised to upgrade to version 4.19.1.1 to address this issue. Users on older versions of CloudStack considering to upgrade, can skip 4.19.1.0 and upgrade directly to 4.19.1.1.\u003cbr\u003e\u003c/div\u003e"
}
],
"value": "In Apache CloudStack 4.19.1.0, a regression in the network listing API allows unauthorised list access of network details for domain admin and normal user accounts. This vulnerability compromises tenant isolation, potentially leading to unauthorised access to network details, configurations and data.\n\nAffected users are advised to upgrade to version 4.19.1.1 to address this issue. Users on older versions of CloudStack considering to upgrade, can skip 4.19.1.0 and upgrade directly to 4.19.1.1."
}
],
"metrics": [
{
"other": {
"content": {
"text": "critical"
},
"type": "Textual description of severity"
}
}
],
"problemTypes": [
{
"descriptions": [
{
"cweId": "CWE-200",
"description": "CWE-200 Exposure of Sensitive Information to an Unauthorized Actor",
"lang": "en",
"type": "CWE"
}
]
}
],
"providerMetadata": {
"dateUpdated": "2024-08-07T07:16:13.765Z",
"orgId": "f0158376-9dc2-43b6-827c-5f631a4d8d09",
"shortName": "apache"
},
"references": [
{
"tags": [
"issue-tracking"
],
"url": "https://github.com/apache/cloudstack/issues/9456"
},
{
"tags": [
"vendor-advisory",
"patch"
],
"url": "https://cloudstack.apache.org/blog/security-release-advisory-4.19.1.1-4.18.2.3"
},
{
"tags": [
"mailing-list"
],
"url": "https://lists.apache.org/thread/lxqtfd6407prbw3801hb4fz3ot3t8wlj"
},
{
"tags": [
"third-party-advisory"
],
"url": "https://www.shapeblue.com/shapeblue-security-advisory-apache-cloudstack-security-releases-4-18-2-3-and-4-19-1-1/"
}
],
"source": {
"discovery": "UNKNOWN"
},
"title": "Apache CloudStack: Unauthorised Network List Access",
"x_generator": {
"engine": "Vulnogram 0.1.0-dev"
}
}
},
"cveMetadata": {
"assignerOrgId": "f0158376-9dc2-43b6-827c-5f631a4d8d09",
"assignerShortName": "apache",
"cveId": "CVE-2024-42222",
"datePublished": "2024-08-07T07:16:13.765Z",
"dateReserved": "2024-07-30T05:26:40.956Z",
"dateUpdated": "2025-03-14T15:57:32.158Z",
"state": "PUBLISHED"
},
"dataType": "CVE_RECORD",
"dataVersion": "5.1"
}
CVE-2016-3085 (GCVE-0-2016-3085)
Vulnerability from cvelistv5
Published
2016-06-10 15:00
Modified
2024-08-05 23:40
Severity ?
VLAI Severity ?
EPSS score ?
CWE
- n/a
Summary
Apache CloudStack 4.5.x before 4.5.2.1, 4.6.x before 4.6.2.1, 4.7.x before 4.7.1.1, and 4.8.x before 4.8.0.1, when SAML-based authentication is enabled and used, allow remote attackers to bypass authentication and access the user interface via vectors related to the SAML plugin.
References
| ▼ | URL | Tags |
|---|---|---|
| http://packetstormsecurity.com/files/137390/Apache-CloudStack-4.5.0-Authentication-Bypass.html | x_refsource_MISC | |
| http://www.securityfocus.com/archive/1/538636/100/0/threaded | mailing-list, x_refsource_BUGTRAQ |
{
"containers": {
"adp": [
{
"providerMetadata": {
"dateUpdated": "2024-08-05T23:40:15.620Z",
"orgId": "af854a3a-2127-422b-91ae-364da2661108",
"shortName": "CVE"
},
"references": [
{
"tags": [
"x_refsource_MISC",
"x_transferred"
],
"url": "http://packetstormsecurity.com/files/137390/Apache-CloudStack-4.5.0-Authentication-Bypass.html"
},
{
"name": "20160609 CVE-2016-3085: Apache CloudStack Authentication Bypass Vulnerability",
"tags": [
"mailing-list",
"x_refsource_BUGTRAQ",
"x_transferred"
],
"url": "http://www.securityfocus.com/archive/1/538636/100/0/threaded"
}
],
"title": "CVE Program Container"
}
],
"cna": {
"affected": [
{
"product": "n/a",
"vendor": "n/a",
"versions": [
{
"status": "affected",
"version": "n/a"
}
]
}
],
"datePublic": "2016-06-09T00:00:00",
"descriptions": [
{
"lang": "en",
"value": "Apache CloudStack 4.5.x before 4.5.2.1, 4.6.x before 4.6.2.1, 4.7.x before 4.7.1.1, and 4.8.x before 4.8.0.1, when SAML-based authentication is enabled and used, allow remote attackers to bypass authentication and access the user interface via vectors related to the SAML plugin."
}
],
"problemTypes": [
{
"descriptions": [
{
"description": "n/a",
"lang": "en",
"type": "text"
}
]
}
],
"providerMetadata": {
"dateUpdated": "2018-10-09T18:57:01",
"orgId": "53f830b8-0a3f-465b-8143-3b8a9948e749",
"shortName": "redhat"
},
"references": [
{
"tags": [
"x_refsource_MISC"
],
"url": "http://packetstormsecurity.com/files/137390/Apache-CloudStack-4.5.0-Authentication-Bypass.html"
},
{
"name": "20160609 CVE-2016-3085: Apache CloudStack Authentication Bypass Vulnerability",
"tags": [
"mailing-list",
"x_refsource_BUGTRAQ"
],
"url": "http://www.securityfocus.com/archive/1/538636/100/0/threaded"
}
],
"x_legacyV4Record": {
"CVE_data_meta": {
"ASSIGNER": "secalert@redhat.com",
"ID": "CVE-2016-3085",
"STATE": "PUBLIC"
},
"affects": {
"vendor": {
"vendor_data": [
{
"product": {
"product_data": [
{
"product_name": "n/a",
"version": {
"version_data": [
{
"version_value": "n/a"
}
]
}
}
]
},
"vendor_name": "n/a"
}
]
}
},
"data_format": "MITRE",
"data_type": "CVE",
"data_version": "4.0",
"description": {
"description_data": [
{
"lang": "eng",
"value": "Apache CloudStack 4.5.x before 4.5.2.1, 4.6.x before 4.6.2.1, 4.7.x before 4.7.1.1, and 4.8.x before 4.8.0.1, when SAML-based authentication is enabled and used, allow remote attackers to bypass authentication and access the user interface via vectors related to the SAML plugin."
}
]
},
"problemtype": {
"problemtype_data": [
{
"description": [
{
"lang": "eng",
"value": "n/a"
}
]
}
]
},
"references": {
"reference_data": [
{
"name": "http://packetstormsecurity.com/files/137390/Apache-CloudStack-4.5.0-Authentication-Bypass.html",
"refsource": "MISC",
"url": "http://packetstormsecurity.com/files/137390/Apache-CloudStack-4.5.0-Authentication-Bypass.html"
},
{
"name": "20160609 CVE-2016-3085: Apache CloudStack Authentication Bypass Vulnerability",
"refsource": "BUGTRAQ",
"url": "http://www.securityfocus.com/archive/1/538636/100/0/threaded"
}
]
}
}
}
},
"cveMetadata": {
"assignerOrgId": "53f830b8-0a3f-465b-8143-3b8a9948e749",
"assignerShortName": "redhat",
"cveId": "CVE-2016-3085",
"datePublished": "2016-06-10T15:00:00",
"dateReserved": "2016-03-10T00:00:00",
"dateUpdated": "2024-08-05T23:40:15.620Z",
"state": "PUBLISHED"
},
"dataType": "CVE_RECORD",
"dataVersion": "5.1"
}
CVE-2014-9593 (GCVE-0-2014-9593)
Vulnerability from cvelistv5
Published
2015-01-15 15:00
Modified
2024-09-16 16:38
Severity ?
VLAI Severity ?
EPSS score ?
CWE
- n/a
Summary
Apache CloudStack before 4.3.2 and 4.4.x before 4.4.2 allows remote attackers to obtain private keys via a listSslCerts API call.
References
| ▼ | URL | Tags |
|---|---|---|
| http://docs.cloudstack.apache.org/projects/cloudstack-release-notes/en/4.3.2/about.html | x_refsource_CONFIRM | |
| http://docs.cloudstack.apache.org/projects/cloudstack-release-notes/en/4.4.2/fixed_issues.html#issues-fixed-in-release | x_refsource_CONFIRM | |
| http://secunia.com/advisories/62216 | third-party-advisory, x_refsource_SECUNIA | |
| https://issues.apache.org/jira/browse/CLOUDSTACK-7952 | x_refsource_CONFIRM |
{
"containers": {
"adp": [
{
"providerMetadata": {
"dateUpdated": "2024-08-06T13:47:41.746Z",
"orgId": "af854a3a-2127-422b-91ae-364da2661108",
"shortName": "CVE"
},
"references": [
{
"tags": [
"x_refsource_CONFIRM",
"x_transferred"
],
"url": "http://docs.cloudstack.apache.org/projects/cloudstack-release-notes/en/4.3.2/about.html"
},
{
"tags": [
"x_refsource_CONFIRM",
"x_transferred"
],
"url": "http://docs.cloudstack.apache.org/projects/cloudstack-release-notes/en/4.4.2/fixed_issues.html#issues-fixed-in-release"
},
{
"name": "62216",
"tags": [
"third-party-advisory",
"x_refsource_SECUNIA",
"x_transferred"
],
"url": "http://secunia.com/advisories/62216"
},
{
"tags": [
"x_refsource_CONFIRM",
"x_transferred"
],
"url": "https://issues.apache.org/jira/browse/CLOUDSTACK-7952"
}
],
"title": "CVE Program Container"
}
],
"cna": {
"affected": [
{
"product": "n/a",
"vendor": "n/a",
"versions": [
{
"status": "affected",
"version": "n/a"
}
]
}
],
"descriptions": [
{
"lang": "en",
"value": "Apache CloudStack before 4.3.2 and 4.4.x before 4.4.2 allows remote attackers to obtain private keys via a listSslCerts API call."
}
],
"problemTypes": [
{
"descriptions": [
{
"description": "n/a",
"lang": "en",
"type": "text"
}
]
}
],
"providerMetadata": {
"dateUpdated": "2015-01-15T15:00:00Z",
"orgId": "8254265b-2729-46b6-b9e3-3dfca2d5bfca",
"shortName": "mitre"
},
"references": [
{
"tags": [
"x_refsource_CONFIRM"
],
"url": "http://docs.cloudstack.apache.org/projects/cloudstack-release-notes/en/4.3.2/about.html"
},
{
"tags": [
"x_refsource_CONFIRM"
],
"url": "http://docs.cloudstack.apache.org/projects/cloudstack-release-notes/en/4.4.2/fixed_issues.html#issues-fixed-in-release"
},
{
"name": "62216",
"tags": [
"third-party-advisory",
"x_refsource_SECUNIA"
],
"url": "http://secunia.com/advisories/62216"
},
{
"tags": [
"x_refsource_CONFIRM"
],
"url": "https://issues.apache.org/jira/browse/CLOUDSTACK-7952"
}
],
"x_legacyV4Record": {
"CVE_data_meta": {
"ASSIGNER": "cve@mitre.org",
"ID": "CVE-2014-9593",
"STATE": "PUBLIC"
},
"affects": {
"vendor": {
"vendor_data": [
{
"product": {
"product_data": [
{
"product_name": "n/a",
"version": {
"version_data": [
{
"version_value": "n/a"
}
]
}
}
]
},
"vendor_name": "n/a"
}
]
}
},
"data_format": "MITRE",
"data_type": "CVE",
"data_version": "4.0",
"description": {
"description_data": [
{
"lang": "eng",
"value": "Apache CloudStack before 4.3.2 and 4.4.x before 4.4.2 allows remote attackers to obtain private keys via a listSslCerts API call."
}
]
},
"problemtype": {
"problemtype_data": [
{
"description": [
{
"lang": "eng",
"value": "n/a"
}
]
}
]
},
"references": {
"reference_data": [
{
"name": "http://docs.cloudstack.apache.org/projects/cloudstack-release-notes/en/4.3.2/about.html",
"refsource": "CONFIRM",
"url": "http://docs.cloudstack.apache.org/projects/cloudstack-release-notes/en/4.3.2/about.html"
},
{
"name": "http://docs.cloudstack.apache.org/projects/cloudstack-release-notes/en/4.4.2/fixed_issues.html#issues-fixed-in-release",
"refsource": "CONFIRM",
"url": "http://docs.cloudstack.apache.org/projects/cloudstack-release-notes/en/4.4.2/fixed_issues.html#issues-fixed-in-release"
},
{
"name": "62216",
"refsource": "SECUNIA",
"url": "http://secunia.com/advisories/62216"
},
{
"name": "https://issues.apache.org/jira/browse/CLOUDSTACK-7952",
"refsource": "CONFIRM",
"url": "https://issues.apache.org/jira/browse/CLOUDSTACK-7952"
}
]
}
}
}
},
"cveMetadata": {
"assignerOrgId": "8254265b-2729-46b6-b9e3-3dfca2d5bfca",
"assignerShortName": "mitre",
"cveId": "CVE-2014-9593",
"datePublished": "2015-01-15T15:00:00Z",
"dateReserved": "2015-01-15T00:00:00Z",
"dateUpdated": "2024-09-16T16:38:52.645Z",
"state": "PUBLISHED"
},
"dataType": "CVE_RECORD",
"dataVersion": "5.1"
}
CVE-2025-26521 (GCVE-0-2025-26521)
Vulnerability from cvelistv5
Published
2025-06-10 23:08
Modified
2025-06-14 03:56
Severity ?
VLAI Severity ?
EPSS score ?
CWE
- CWE-200 - Exposure of Sensitive Information to an Unauthorized Actor
Summary
When an Apache CloudStack user-account creates a CKS-based Kubernetes cluster in a project, the API key and the secret key of the 'kubeadmin' user of the caller account are used to create the secret config in the CKS-based Kubernetes cluster. A member of the project who can access the CKS-based Kubernetes cluster, can also access the API key and secret key of the 'kubeadmin' user of the CKS cluster's creator's account. An attacker who's a member of the project can exploit this to impersonate and perform privileged actions that can result in complete compromise of the confidentiality, integrity, and availability of resources owned by the creator's account.
CKS users are recommended to upgrade to version 4.19.3.0 or 4.20.1.0, which fixes this issue.Updating Existing Kubernetes Clusters in ProjectsA service account should be created for each project to provide limited access specifically for Kubernetes cluster providers and autoscaling. Follow the steps below to create a new service account, update the secret inside the cluster, and regenerate existing API and service keys:1. Create a New Service AccountCreate a new account using the role "Project Kubernetes Service Role" with the following details:
Account Name
kubeadmin-<FIRST_EIGHT_CHARACTERS_OF_PROJECT_ID>
First Name
Kubernetes
Last Name
Service User
Account Type
0 (Normal User)
Role ID
<ID_OF_SERVICE_ROLE>
2. Add the Service Account to the ProjectAdd this account to the project where the Kubernetes cluster(s) are hosted.
3. Generate API and Secret KeysGenerate API Key and Secret Key for the default user of this account.
4. Update the CloudStack Secret in the Kubernetes ClusterCreate a temporary file `/tmp/cloud-config` with the following data:
api-url = <API_URL> # For example: <MS_URL>/client/api
api-key = <SERVICE_USER_API_KEY>
secret-key = <SERVICE_USER_SECRET_KEY>
project-id = <PROJECT_ID>
Delete the existing secret using kubectl and Kubernetes cluster config:
./kubectl --kubeconfig kube.conf -n kube-system delete secret cloudstack-secret
Create a new secret using kubectl and Kubernetes cluster config:
./kubectl --kubeconfig kube.conf -n kube-system create secret generic cloudstack-secret --from-file=/tmp/cloud-config
Remove the temporary file:
rm /tmp/cloud-config5. Regenerate API and Secret KeysRegenerate the API and secret keys for the original user account that was used to create the Kubernetes cluster.
References
Impacted products
| Vendor | Product | Version | ||
|---|---|---|---|---|
| Apache Software Foundation | Apache CloudStack |
Version: 4.17.0.0 ≤ Version: 4.20.0.0 ≤ |
{
"containers": {
"adp": [
{
"metrics": [
{
"cvssV3_1": {
"attackComplexity": "LOW",
"attackVector": "NETWORK",
"availabilityImpact": "NONE",
"baseScore": 8.1,
"baseSeverity": "HIGH",
"confidentialityImpact": "HIGH",
"integrityImpact": "HIGH",
"privilegesRequired": "LOW",
"scope": "UNCHANGED",
"userInteraction": "NONE",
"vectorString": "CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:N",
"version": "3.1"
}
},
{
"other": {
"content": {
"id": "CVE-2025-26521",
"options": [
{
"Exploitation": "none"
},
{
"Automatable": "no"
},
{
"Technical Impact": "total"
}
],
"role": "CISA Coordinator",
"timestamp": "2025-06-13T00:00:00+00:00",
"version": "2.0.3"
},
"type": "ssvc"
}
}
],
"providerMetadata": {
"dateUpdated": "2025-06-14T03:56:16.937Z",
"orgId": "134c704f-9b21-4f2e-91b3-4a467353bcc0",
"shortName": "CISA-ADP"
},
"title": "CISA ADP Vulnrichment"
}
],
"cna": {
"affected": [
{
"defaultStatus": "unaffected",
"product": "Apache CloudStack",
"vendor": "Apache Software Foundation",
"versions": [
{
"lessThan": "4.19.3.0",
"status": "affected",
"version": "4.17.0.0",
"versionType": "semver"
},
{
"lessThan": "4.20.1.0",
"status": "affected",
"version": "4.20.0.0",
"versionType": "semver"
}
]
}
],
"credits": [
{
"lang": "en",
"type": "finder",
"value": "Wei Zhou (weizhou@apache.org)"
}
],
"descriptions": [
{
"lang": "en",
"supportingMedia": [
{
"base64": false,
"type": "text/html",
"value": "When an Apache CloudStack user-account creates a CKS-based Kubernetes cluster in a project, the API key and the secret key of the \u0027kubeadmin\u0027 user of the caller account are used to create the secret config in the CKS-based Kubernetes cluster. A member of the project who can access the CKS-based Kubernetes cluster, can also access the API key and secret key of the \u0027kubeadmin\u0027 user of the CKS cluster\u0027s creator\u0027s account. An attacker who\u0027s a member of the project can exploit this to impersonate and perform privileged actions that can result in complete compromise of the confidentiality, integrity, and availability of resources owned by the creator\u0027s account.\u003cbr\u003e\u003cbr\u003eCKS users are recommended to upgrade to version 4.19.3.0 or 4.20.1.0, which fixes this issue.\u003ch3\u003eUpdating Existing Kubernetes Clusters in Projects\u003c/h3\u003eA \u003cb\u003eservice account\u003c/b\u003e should be created for each project to provide limited access specifically for Kubernetes cluster providers and autoscaling. Follow the steps below to create a new service account, update the secret inside the cluster, and regenerate existing API and service keys:\u003ch3\u003e1. Create a New Service Account\u003c/h3\u003e\u003cdiv\u003eCreate a new account using the role \u003cb\u003e\"Project Kubernetes Service Role\"\u003c/b\u003e with the following details:\u003c/div\u003e\u003cdiv\u003e\u003ctable\u003e\u003ctbody\u003e\u003ctr\u003e\u003ctd\u003e\u003cb\u003eAccount Name\u003c/b\u003e\u003cbr\u003e\u003c/td\u003e\u003ctd\u003ekubeadmin-\u0026lt;FIRST_EIGHT_CHARACTERS_OF_PROJECT_ID\u0026gt;\u003cbr\u003e\u003c/td\u003e\u003c/tr\u003e\u003ctr\u003e\u003ctd\u003e\u003cb\u003eFirst Name\u003c/b\u003e\u003cbr\u003e\u003c/td\u003e\u003ctd\u003eKubernetes\u003cbr\u003e\u003c/td\u003e\u003c/tr\u003e\u003ctr\u003e\u003ctd\u003e\u003cb\u003eLast Name\u003c/b\u003e\u003cbr\u003e\u003c/td\u003e\u003ctd\u003eService User\u003cbr\u003e\u003c/td\u003e\u003c/tr\u003e\u003ctr\u003e\u003ctd\u003e\u003cb\u003eAccount Type\u003c/b\u003e\u003cbr\u003e\u003c/td\u003e\u003ctd\u003e0 (Normal User)\u003cbr\u003e\u003c/td\u003e\u003c/tr\u003e\u003ctr\u003e\u003ctd\u003e\u003cb\u003eRole ID\u003c/b\u003e\u003cbr\u003e\u003c/td\u003e\u003ctd\u003e\u0026lt;ID_OF_SERVICE_ROLE\u0026gt;\u003cbr\u003e\u003c/td\u003e\u003c/tr\u003e\u003c/tbody\u003e\u003c/table\u003e\u003cbr\u003e\u003c/div\u003e\u003ch3\u003e2. Add the Service Account to the Project\u003c/h3\u003eAdd this account to the \u003cb\u003eproject\u003c/b\u003e where the Kubernetes cluster(s) are hosted.\u003cbr\u003e\u003ch3\u003e3. Generate API and Secret Keys\u003c/h3\u003eGenerate \u003cb\u003eAPI Key\u003c/b\u003e and \u003cb\u003eSecret Key\u003c/b\u003e for the \u003ci\u003edefault user\u003c/i\u003e of this account.\u003cbr\u003e\u003ch3\u003e4. Update the CloudStack Secret in the Kubernetes Cluster\u003c/h3\u003eCreate a temporary file `/tmp/cloud-config` with the following data:\u003cbr\u003e\u0026nbsp;\u0026nbsp;\u003ctt\u003e\u0026nbsp;api-url = \u0026lt;API_URL\u0026gt; \u0026nbsp; \u0026nbsp; # For example: \u0026lt;MS_URL\u0026gt;/client/api\u003cbr\u003e\u0026nbsp; api-key = \u0026lt;SERVICE_USER_API_KEY\u0026gt;\u003cbr\u003e\u0026nbsp; secret-key = \u0026lt;SERVICE_USER_SECRET_KEY\u0026gt;\u003cbr\u003e\u003c/tt\u003e\u003cdiv\u003e\u003ctt\u003e\u0026nbsp; project-id = \u0026lt;PROJECT_ID\u0026gt;\u003c/tt\u003e\u003c/div\u003e\u003cdiv\u003e\u003ctt\u003e\u003cbr\u003e\u003c/tt\u003e\u003c/div\u003eDelete the existing secret using kubectl and Kubernetes cluster config:\u003cbr\u003e\u003cdiv\u003e\u0026nbsp;\u0026nbsp;\u003ctt\u003e\u0026nbsp;./kubectl --kubeconfig kube.conf -n kube-system delete secret cloudstack-secret\u003c/tt\u003e\u003c/div\u003e\u003cdiv\u003e\u003ctt\u003e\u003cbr\u003e\u003c/tt\u003e\u003c/div\u003eCreate a new secret using kubectl and Kubernetes cluster config:\u003cbr\u003e\u003cdiv\u003e\u0026nbsp; \u0026nbsp; ./kubectl --kubeconfig kube.conf -n kube-system create secret generic cloudstack-secret --from-file=/tmp/cloud-config\u003c/div\u003e\u003cdiv\u003e\u003cbr\u003e\u003c/div\u003eRemove the temporary file:\u003cbr\u003e\u0026nbsp; \u0026nbsp; rm /tmp/cloud-config\u003ch3\u003e5. Regenerate API and Secret Keys\u003c/h3\u003eRegenerate the API and secret keys for the \u003cb\u003eoriginal user account\u003c/b\u003e that was used to create the Kubernetes cluster.\u003cbr\u003e"
}
],
"value": "When an Apache CloudStack user-account creates a CKS-based Kubernetes cluster in a project, the API key and the secret key of the \u0027kubeadmin\u0027 user of the caller account are used to create the secret config in the CKS-based Kubernetes cluster. A member of the project who can access the CKS-based Kubernetes cluster, can also access the API key and secret key of the \u0027kubeadmin\u0027 user of the CKS cluster\u0027s creator\u0027s account. An attacker who\u0027s a member of the project can exploit this to impersonate and perform privileged actions that can result in complete compromise of the confidentiality, integrity, and availability of resources owned by the creator\u0027s account.\n\nCKS users are recommended to upgrade to version 4.19.3.0 or 4.20.1.0, which fixes this issue.Updating Existing Kubernetes Clusters in ProjectsA service account should be created for each project to provide limited access specifically for Kubernetes cluster providers and autoscaling. Follow the steps below to create a new service account, update the secret inside the cluster, and regenerate existing API and service keys:1. Create a New Service AccountCreate a new account using the role \"Project Kubernetes Service Role\" with the following details:\n\nAccount Name\nkubeadmin-\u003cFIRST_EIGHT_CHARACTERS_OF_PROJECT_ID\u003e\nFirst Name\nKubernetes\nLast Name\nService User\nAccount Type\n0 (Normal User)\nRole ID\n\u003cID_OF_SERVICE_ROLE\u003e\n\n\n\n2. Add the Service Account to the ProjectAdd this account to the project where the Kubernetes cluster(s) are hosted.\n3. Generate API and Secret KeysGenerate API Key and Secret Key for the default user of this account.\n4. Update the CloudStack Secret in the Kubernetes ClusterCreate a temporary file `/tmp/cloud-config` with the following data:\n\u00a0\u00a0\u00a0api-url = \u003cAPI_URL\u003e \u00a0 \u00a0 # For example: \u003cMS_URL\u003e/client/api\n\u00a0 api-key = \u003cSERVICE_USER_API_KEY\u003e\n\u00a0 secret-key = \u003cSERVICE_USER_SECRET_KEY\u003e\n\u00a0 project-id = \u003cPROJECT_ID\u003e\n\n\n\n\nDelete the existing secret using kubectl and Kubernetes cluster config:\n\u00a0\u00a0\u00a0./kubectl --kubeconfig kube.conf -n kube-system delete secret cloudstack-secret\n\n\n\n\nCreate a new secret using kubectl and Kubernetes cluster config:\n\u00a0 \u00a0 ./kubectl --kubeconfig kube.conf -n kube-system create secret generic cloudstack-secret --from-file=/tmp/cloud-config\n\n\n\n\nRemove the temporary file:\n\u00a0 \u00a0 rm /tmp/cloud-config5. Regenerate API and Secret KeysRegenerate the API and secret keys for the original user account that was used to create the Kubernetes cluster."
}
],
"metrics": [
{
"other": {
"content": {
"text": "critical"
},
"type": "Textual description of severity"
}
}
],
"problemTypes": [
{
"descriptions": [
{
"cweId": "CWE-200",
"description": "CWE-200 Exposure of Sensitive Information to an Unauthorized Actor",
"lang": "en",
"type": "CWE"
}
]
}
],
"providerMetadata": {
"dateUpdated": "2025-06-10T23:08:48.602Z",
"orgId": "f0158376-9dc2-43b6-827c-5f631a4d8d09",
"shortName": "apache"
},
"references": [
{
"tags": [
"vendor-advisory"
],
"url": "https://cloudstack.apache.org/blog/cve-advisories-4.19.3.0-4.20.1.0/"
},
{
"tags": [
"third-party-advisory"
],
"url": "https://www.shapeblue.com/shapeblue-security-advisory-apache-cloudstack-security-releases-4-19-3-0-and-4-20-1-0/"
},
{
"tags": [
"mailing-list"
],
"url": "https://lists.apache.org/thread/y3qnwn59t8qggtdohv7k7vw39bgb3d60"
}
],
"source": {
"discovery": "UNKNOWN"
},
"title": "Apache CloudStack: CKS cluster in project exposes user API keys",
"x_generator": {
"engine": "Vulnogram 0.2.0"
}
}
},
"cveMetadata": {
"assignerOrgId": "f0158376-9dc2-43b6-827c-5f631a4d8d09",
"assignerShortName": "apache",
"cveId": "CVE-2025-26521",
"datePublished": "2025-06-10T23:08:48.602Z",
"dateReserved": "2025-02-12T09:12:55.769Z",
"dateUpdated": "2025-06-14T03:56:16.937Z",
"state": "PUBLISHED"
},
"dataType": "CVE_RECORD",
"dataVersion": "5.1"
}
CVE-2024-29006 (GCVE-0-2024-29006)
Vulnerability from cvelistv5
Published
2024-04-04 07:48
Modified
2025-03-27 19:43
Severity ?
VLAI Severity ?
EPSS score ?
CWE
- CWE-290 - Authentication Bypass by Spoofing
Summary
By default the CloudStack management server honours the x-forwarded-for HTTP header and logs it as the source IP of an API request. This could lead to authentication bypass and other operational problems should an attacker decide to spoof their IP address this way. Users are recommended to upgrade to CloudStack version 4.18.1.1 or 4.19.0.1, which fixes this issue.
References
| ▼ | URL | Tags |
|---|---|---|
| https://lists.apache.org/thread/82f46pv7mvh95ybto5hn8wlo6g8jhjvp | vendor-advisory |
Impacted products
| Vendor | Product | Version | ||
|---|---|---|---|---|
| Apache Software Foundation | Apache CloudStack |
Version: 4.11.0.0 ≤ 4.18.1.0 Version: 4.19.0.0 |
{
"containers": {
"adp": [
{
"metrics": [
{
"cvssV3_1": {
"attackComplexity": "LOW",
"attackVector": "NETWORK",
"availabilityImpact": "HIGH",
"baseScore": 9.8,
"baseSeverity": "CRITICAL",
"confidentialityImpact": "HIGH",
"integrityImpact": "HIGH",
"privilegesRequired": "NONE",
"scope": "UNCHANGED",
"userInteraction": "NONE",
"vectorString": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H",
"version": "3.1"
}
},
{
"other": {
"content": {
"id": "CVE-2024-29006",
"options": [
{
"Exploitation": "none"
},
{
"Automatable": "no"
},
{
"Technical Impact": "partial"
}
],
"role": "CISA Coordinator",
"timestamp": "2024-04-04T15:38:39.808444Z",
"version": "2.0.3"
},
"type": "ssvc"
}
}
],
"providerMetadata": {
"dateUpdated": "2025-03-27T19:43:43.236Z",
"orgId": "134c704f-9b21-4f2e-91b3-4a467353bcc0",
"shortName": "CISA-ADP"
},
"title": "CISA ADP Vulnrichment"
},
{
"providerMetadata": {
"dateUpdated": "2024-08-02T01:03:51.677Z",
"orgId": "af854a3a-2127-422b-91ae-364da2661108",
"shortName": "CVE"
},
"references": [
{
"tags": [
"vendor-advisory",
"x_transferred"
],
"url": "https://lists.apache.org/thread/82f46pv7mvh95ybto5hn8wlo6g8jhjvp"
}
],
"title": "CVE Program Container"
}
],
"cna": {
"affected": [
{
"defaultStatus": "unaffected",
"product": "Apache CloudStack",
"vendor": "Apache Software Foundation",
"versions": [
{
"lessThanOrEqual": "4.18.1.0",
"status": "affected",
"version": "4.11.0.0",
"versionType": "semver"
},
{
"status": "affected",
"version": "4.19.0.0"
}
]
}
],
"credits": [
{
"lang": "en",
"type": "finder",
"value": "Yuyang Xiao \u003csuperxyyang@gmail.com\u003e"
}
],
"descriptions": [
{
"lang": "en",
"supportingMedia": [
{
"base64": false,
"type": "text/html",
"value": "\u003cdiv\u003eBy default the CloudStack management server honours the x-forwarded-for HTTP header and logs it as the source IP of an API request. This could lead to authentication bypass and other operational problems should an attacker decide to spoof their IP address this way. Users are recommended to upgrade to CloudStack version 4.18.1.1 or 4.19.0.1, which fixes this issue.\u003c/div\u003e"
}
],
"value": "By default the CloudStack management server honours the x-forwarded-for HTTP header and logs it as the source IP of an API request. This could lead to authentication bypass and other operational problems should an attacker decide to spoof their IP address this way. Users are recommended to upgrade to CloudStack version 4.18.1.1 or 4.19.0.1, which fixes this issue.\n\n"
}
],
"metrics": [
{
"other": {
"content": {
"text": "moderate"
},
"type": "Textual description of severity"
}
}
],
"problemTypes": [
{
"descriptions": [
{
"cweId": "CWE-290",
"description": "CWE-290 Authentication Bypass by Spoofing",
"lang": "en",
"type": "CWE"
}
]
}
],
"providerMetadata": {
"dateUpdated": "2024-04-04T07:50:18.522Z",
"orgId": "f0158376-9dc2-43b6-827c-5f631a4d8d09",
"shortName": "apache"
},
"references": [
{
"tags": [
"vendor-advisory"
],
"url": "https://lists.apache.org/thread/82f46pv7mvh95ybto5hn8wlo6g8jhjvp"
}
],
"source": {
"discovery": "EXTERNAL"
},
"title": "Apache CloudStack: x-forwarded-for HTTP header parsed by default",
"x_generator": {
"engine": "Vulnogram 0.1.0-dev"
}
}
},
"cveMetadata": {
"assignerOrgId": "f0158376-9dc2-43b6-827c-5f631a4d8d09",
"assignerShortName": "apache",
"cveId": "CVE-2024-29006",
"datePublished": "2024-04-04T07:48:54.101Z",
"dateReserved": "2024-03-13T22:56:41.313Z",
"dateUpdated": "2025-03-27T19:43:43.236Z",
"state": "PUBLISHED"
},
"dataType": "CVE_RECORD",
"dataVersion": "5.1"
}
CVE-2024-38346 (GCVE-0-2024-38346)
Vulnerability from cvelistv5
Published
2024-07-05 13:40
Modified
2025-02-13 17:53
Severity ?
VLAI Severity ?
EPSS score ?
CWE
- CWE-94 - Improper Control of Generation of Code ('Code Injection')
Summary
The CloudStack cluster service runs on unauthenticated port (default 9090) that can be misused to run arbitrary commands on targeted hypervisors and CloudStack management server hosts. Some of these commands were found to have command injection vulnerabilities that can result in arbitrary code execution via agents on the hosts that may run as a privileged user. An attacker that can reach the cluster service on the unauthenticated port (default 9090), can exploit this to perform remote code execution on CloudStack managed hosts and result in complete compromise of the confidentiality, integrity, and availability of CloudStack managed infrastructure.
Users are recommended to restrict the network access to the cluster service port (default 9090) on a CloudStack management server host to only its peer CloudStack management server hosts. Users are recommended to upgrade to version 4.18.2.1, 4.19.0.2 or later, which addresses this issue.
References
| ▼ | URL | Tags |
|---|---|---|
| https://lists.apache.org/thread/6l51r00csrct61plkyd3qg3fj99215d1 | vendor-advisory, mailing-list | |
| https://cloudstack.apache.org/blog/security-release-advisory-4.19.0.2-4.18.2.1 | vendor-advisory, patch | |
| https://www.shapeblue.com/shapeblue-security-advisory-apache-cloudstack-security-releases-4-18-2-1-and-4-19-0-2/ | third-party-advisory | |
| http://www.openwall.com/lists/oss-security/2024/07/05/1 |
Impacted products
| Vendor | Product | Version | ||
|---|---|---|---|---|
| Apache Software Foundation | Apache CloudStack |
Version: 4.0.0 ≤ 4.18.2.0 Version: 4.19.0.0 ≤ 4.19.0.1 |
{
"containers": {
"adp": [
{
"affected": [
{
"cpes": [
"cpe:2.3:a:apache:cloudstack:*:*:*:*:*:*:*:*"
],
"defaultStatus": "unknown",
"product": "cloudstack",
"vendor": "apache",
"versions": [
{
"lessThan": "4.18.2.1",
"status": "affected",
"version": "4.0.0",
"versionType": "semver"
},
{
"lessThan": "4.19.0.2",
"status": "affected",
"version": "4.19.0.0",
"versionType": "semver"
}
]
}
],
"metrics": [
{
"cvssV3_1": {
"attackComplexity": "LOW",
"attackVector": "NETWORK",
"availabilityImpact": "HIGH",
"baseScore": 9.8,
"baseSeverity": "CRITICAL",
"confidentialityImpact": "HIGH",
"integrityImpact": "HIGH",
"privilegesRequired": "NONE",
"scope": "UNCHANGED",
"userInteraction": "NONE",
"vectorString": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H",
"version": "3.1"
}
},
{
"other": {
"content": {
"id": "CVE-2024-38346",
"options": [
{
"Exploitation": "none"
},
{
"Automatable": "yes"
},
{
"Technical Impact": "total"
}
],
"role": "CISA Coordinator",
"timestamp": "2024-07-08T13:47:26.659799Z",
"version": "2.0.3"
},
"type": "ssvc"
}
}
],
"providerMetadata": {
"dateUpdated": "2024-07-08T13:54:00.246Z",
"orgId": "134c704f-9b21-4f2e-91b3-4a467353bcc0",
"shortName": "CISA-ADP"
},
"title": "CISA ADP Vulnrichment"
},
{
"providerMetadata": {
"dateUpdated": "2024-08-02T04:04:25.318Z",
"orgId": "af854a3a-2127-422b-91ae-364da2661108",
"shortName": "CVE"
},
"references": [
{
"tags": [
"vendor-advisory",
"mailing-list",
"x_transferred"
],
"url": "https://lists.apache.org/thread/6l51r00csrct61plkyd3qg3fj99215d1"
},
{
"tags": [
"vendor-advisory",
"patch",
"x_transferred"
],
"url": "https://cloudstack.apache.org/blog/security-release-advisory-4.19.0.2-4.18.2.1"
},
{
"tags": [
"third-party-advisory",
"x_transferred"
],
"url": "https://www.shapeblue.com/shapeblue-security-advisory-apache-cloudstack-security-releases-4-18-2-1-and-4-19-0-2/"
},
{
"tags": [
"x_transferred"
],
"url": "http://www.openwall.com/lists/oss-security/2024/07/05/1"
}
],
"title": "CVE Program Container"
}
],
"cna": {
"affected": [
{
"defaultStatus": "unaffected",
"product": "Apache CloudStack",
"vendor": "Apache Software Foundation",
"versions": [
{
"lessThanOrEqual": "4.18.2.0",
"status": "affected",
"version": "4.0.0",
"versionType": "semver"
},
{
"lessThanOrEqual": "4.19.0.1",
"status": "affected",
"version": "4.19.0.0",
"versionType": "semver"
}
]
}
],
"credits": [
{
"lang": "en",
"type": "finder",
"value": "Adam Pond of Apple Services Engineering Security"
},
{
"lang": "en",
"type": "finder",
"value": "Terry Thibault of Apple Services Engineering Security"
},
{
"lang": "en",
"type": "finder",
"value": "Damon Smith of Apple Services Engineering Security"
}
],
"descriptions": [
{
"lang": "en",
"supportingMedia": [
{
"base64": false,
"type": "text/html",
"value": "\u003cp\u003eThe CloudStack cluster service runs on unauthenticated port (default 9090) that can be misused to run arbitrary commands on targeted hypervisors and CloudStack management server hosts. Some of these commands were found to have command injection vulnerabilities that can result in arbitrary code execution via agents on the hosts that may run as a privileged user.\u0026nbsp;\u003cspan style=\"background-color: rgb(255, 255, 255);\"\u003eAn attacker that can reach the cluster service on the unauthenticated\u0026nbsp;port (default 9090), can exploit this to perform remote code execution on CloudStack managed hosts and result in complete\u003c/span\u003e\u0026nbsp;compromise of the confidentiality, integrity, and availability of CloudStack managed infrastructure.\u003c/p\u003e\u003cspan style=\"background-color: rgb(255, 255, 255);\"\u003e\u003cdiv\u003e\u003cspan style=\"background-color: rgb(255, 255, 255);\"\u003e\u003cbr\u003e\u003c/span\u003e\u003c/div\u003e\u003cdiv\u003e\u003cspan style=\"background-color: rgb(255, 255, 255);\"\u003eUsers are recommended to restrict the network access to the cluster service port (default 9090) on a CloudStack management server host to only its peer CloudStack management server hosts.\u0026nbsp;\u003c/span\u003eUsers are recommended to upgrade to version 4.18.2.1, 4.19.0.2 or later, which addresses this issue.\u003c/div\u003e\u003c/span\u003e"
}
],
"value": "The CloudStack cluster service runs on unauthenticated port (default 9090) that can be misused to run arbitrary commands on targeted hypervisors and CloudStack management server hosts. Some of these commands were found to have command injection vulnerabilities that can result in arbitrary code execution via agents on the hosts that may run as a privileged user.\u00a0An attacker that can reach the cluster service on the unauthenticated\u00a0port (default 9090), can exploit this to perform remote code execution on CloudStack managed hosts and result in complete\u00a0compromise of the confidentiality, integrity, and availability of CloudStack managed infrastructure.\n\nUsers are recommended to restrict the network access to the cluster service port (default 9090) on a CloudStack management server host to only its peer CloudStack management server hosts.\u00a0Users are recommended to upgrade to version 4.18.2.1, 4.19.0.2 or later, which addresses this issue."
}
],
"metrics": [
{
"other": {
"content": {
"text": "important"
},
"type": "Textual description of severity"
}
}
],
"problemTypes": [
{
"descriptions": [
{
"cweId": "CWE-94",
"description": "CWE-94 Improper Control of Generation of Code (\u0027Code Injection\u0027)",
"lang": "en",
"type": "CWE"
}
]
}
],
"providerMetadata": {
"dateUpdated": "2024-07-05T13:45:06.359Z",
"orgId": "f0158376-9dc2-43b6-827c-5f631a4d8d09",
"shortName": "apache"
},
"references": [
{
"tags": [
"vendor-advisory",
"mailing-list"
],
"url": "https://lists.apache.org/thread/6l51r00csrct61plkyd3qg3fj99215d1"
},
{
"tags": [
"vendor-advisory",
"patch"
],
"url": "https://cloudstack.apache.org/blog/security-release-advisory-4.19.0.2-4.18.2.1"
},
{
"tags": [
"third-party-advisory"
],
"url": "https://www.shapeblue.com/shapeblue-security-advisory-apache-cloudstack-security-releases-4-18-2-1-and-4-19-0-2/"
},
{
"url": "http://www.openwall.com/lists/oss-security/2024/07/05/1"
}
],
"source": {
"discovery": "EXTERNAL"
},
"title": "Apache CloudStack: Unauthenticated cluster service port leads to remote execution",
"x_generator": {
"engine": "Vulnogram 0.1.0-dev"
}
}
},
"cveMetadata": {
"assignerOrgId": "f0158376-9dc2-43b6-827c-5f631a4d8d09",
"assignerShortName": "apache",
"cveId": "CVE-2024-38346",
"datePublished": "2024-07-05T13:40:57.246Z",
"dateReserved": "2024-06-14T07:51:47.021Z",
"dateUpdated": "2025-02-13T17:53:05.631Z",
"state": "PUBLISHED"
},
"dataType": "CVE_RECORD",
"dataVersion": "5.1"
}
CVE-2024-45219 (GCVE-0-2024-45219)
Vulnerability from cvelistv5
Published
2024-10-16 07:55
Modified
2024-10-16 14:48
Severity ?
VLAI Severity ?
EPSS score ?
CWE
- CWE-20 - Improper Input Validation
Summary
Account users in Apache CloudStack by default are allowed to upload and register templates for deploying instances and volumes for attaching them as data disks to their existing instances. Due to missing validation checks for KVM-compatible templates or volumes in CloudStack 4.0.0 through 4.18.2.3 and 4.19.0.0 through 4.19.1.1, an attacker that can upload or register templates and volumes, can use them to deploy malicious instances or attach uploaded volumes to their existing instances on KVM-based environments and exploit this to gain access to the host filesystems that could result in the compromise of resource integrity and confidentiality, data loss, denial of service, and availability of KVM-based infrastructure managed by CloudStack.
Users are recommended to upgrade to Apache CloudStack 4.18.2.4 or 4.19.1.2, or later, which addresses this issue.
Additionally, all user-uploaded or registered KVM-compatible templates and volumes can be scanned and checked that they are flat files that should not be using any additional or unnecessary features. For example, operators can run this on their secondary storage(s) and inspect output. An empty output for the disk being validated means it has no references to the host filesystems; on the other hand, if the output for the disk being validated is not empty, it might indicate a compromised disk.
for file in $(find /path/to/storage/ -type f -regex [a-f0-9\-]*.*); do echo "Retrieving file [$file] info. If the output is not empty, that might indicate a compromised disk; check it carefully."; qemu-img info -U $file | grep file: ; printf "\n\n"; done
The command can also be run for the file-based primary storages; however, bear in mind that (i) volumes created from templates will have references for the templates at first and (ii) volumes can be consolidated while migrating, losing their references to the templates. Therefore, the command execution for the primary storages can show both false positives and false negatives.
For checking the whole template/volume features of each disk, operators can run the following command:
for file in $(find /path/to/storage/ -type f -regex [a-f0-9\-]*.*); do echo "Retrieving file [$file] info."; qemu-img info -U $file; printf "\n\n"; done
References
| ▼ | URL | Tags |
|---|---|---|
| https://cloudstack.apache.org/blog/security-release-advisory-4.18.2.4-4.19.1.2 | patch, vendor-advisory | |
| https://lists.apache.org/thread/ktsfjcnj22x4kg49ctock3d9tq7jnvlo | mailing-list | |
| https://www.shapeblue.com/shapeblue-security-advisory-apache-cloudstack-security-releases-4-18-2-4-and-4-19-1-2/ | third-party-advisory |
Impacted products
| Vendor | Product | Version | ||
|---|---|---|---|---|
| Apache Software Foundation | Apache CloudStack |
Version: 4.0.0 ≤ 4.18.2.3 Version: 4.19.0.0 ≤ 4.19.1.1 |
{
"containers": {
"adp": [
{
"providerMetadata": {
"dateUpdated": "2024-10-16T08:03:38.754Z",
"orgId": "af854a3a-2127-422b-91ae-364da2661108",
"shortName": "CVE"
},
"references": [
{
"url": "http://www.openwall.com/lists/oss-security/2024/10/15/2"
}
],
"title": "CVE Program Container"
},
{
"affected": [
{
"cpes": [
"cpe:2.3:a:apache_software_foundation:apache_cloudstack:*:*:*:*:*:*:*:*"
],
"defaultStatus": "unknown",
"product": "apache_cloudstack",
"vendor": "apache_software_foundation",
"versions": [
{
"lessThanOrEqual": "4.18.2.3",
"status": "affected",
"version": "4.0.0",
"versionType": "semver"
},
{
"lessThanOrEqual": "4.19.1.1",
"status": "affected",
"version": "4.19.0.0",
"versionType": "semver"
}
]
}
],
"metrics": [
{
"other": {
"content": {
"id": "CVE-2024-45219",
"options": [
{
"Exploitation": "none"
},
{
"Automatable": "no"
},
{
"Technical Impact": "total"
}
],
"role": "CISA Coordinator",
"timestamp": "2024-10-16T14:45:46.172559Z",
"version": "2.0.3"
},
"type": "ssvc"
}
}
],
"problemTypes": [
{
"descriptions": [
{
"cweId": "CWE-116",
"description": "CWE-116 Improper Encoding or Escaping of Output",
"lang": "en",
"type": "CWE"
}
]
}
],
"providerMetadata": {
"dateUpdated": "2024-10-16T14:48:18.087Z",
"orgId": "134c704f-9b21-4f2e-91b3-4a467353bcc0",
"shortName": "CISA-ADP"
},
"title": "CISA ADP Vulnrichment"
}
],
"cna": {
"affected": [
{
"defaultStatus": "unaffected",
"product": "Apache CloudStack",
"vendor": "Apache Software Foundation",
"versions": [
{
"lessThanOrEqual": "4.18.2.3",
"status": "affected",
"version": "4.0.0",
"versionType": "semver"
},
{
"lessThanOrEqual": "4.19.1.1",
"status": "affected",
"version": "4.19.0.0",
"versionType": "semver"
}
]
}
],
"credits": [
{
"lang": "en",
"type": "reporter",
"value": "Daniel Augusto Veronezi Salvador \u003cgutoveronezi@apache.org\u003e"
}
],
"descriptions": [
{
"lang": "en",
"supportingMedia": [
{
"base64": false,
"type": "text/html",
"value": "Account users in Apache CloudStack by default are allowed to upload and register templates for deploying instances and volumes for attaching them as data disks to their existing instances. Due to missing validation checks for KVM-compatible templates or volumes in CloudStack 4.0.0 through 4.18.2.3 and 4.19.0.0 through 4.19.1.1, an attacker that can upload or register templates and volumes, can use them to deploy malicious instances or attach uploaded volumes to their existing instances on KVM-based environments and exploit this to gain access to the host filesystems that could result in the compromise of resource integrity and confidentiality, data loss, denial of service, and availability of KVM-based infrastructure managed by CloudStack.\u003cdiv\u003e\u003cbr\u003e\u003c/div\u003e\u003cdiv\u003e\u003cspan style=\"background-color: rgb(252, 252, 252);\"\u003eUsers are recommended to upgrade to Apache CloudStack 4.18.2.4 or 4.19.1.2, or later, which addresses this issue. \u003cbr\u003e\u003cbr\u003e\u003c/span\u003eAdditionally, all user-uploaded or registered KVM-compatible templates and volumes can be scanned and checked that they are flat files that should not be using any additional or unnecessary features. For example, operators can run this on their secondary storage(s) and inspect output. An empty output for the disk being validated means it has no references to the host filesystems; on the other hand, if the output for the disk being validated is not empty, it might indicate a compromised disk.\u003cbr\u003e\u003c/div\u003e\u003cblockquote\u003efor file in $(find /path/to/storage/ -type f -regex [a-f0-9\\-]*.*); do echo \"Retrieving file [$file] info. If the output is not empty, that might indicate a compromised disk; check it carefully.\"; qemu-img info -U $file | grep file: ; printf \"\\n\\n\"; done\u003c/blockquote\u003e\u003cdiv\u003e\u003cbr\u003eThe command can also be run for the file-based primary storages; however, bear in mind that (i) volumes created from templates will have references for the templates at first and (ii) volumes can be consolidated while migrating, losing their references to the templates. Therefore, the command execution for the primary storages can show both false positives and false negatives.\u003cbr\u003e\u003cbr\u003eFor checking the whole template/volume features of each disk, operators can run the following command:\u003cbr\u003e\u003c/div\u003e\u003cblockquote\u003efor file in $(find /path/to/storage/ -type f -regex [a-f0-9\\-]*.*); do echo \"Retrieving file [$file] info.\"; qemu-img info -U $file; printf \"\\n\\n\"; done\u003c/blockquote\u003e\u003cdiv\u003e\u003cspan style=\"background-color: rgb(252, 252, 252);\"\u003e\u003cbr\u003e\u003c/span\u003e\u003c/div\u003e"
}
],
"value": "Account users in Apache CloudStack by default are allowed to upload and register templates for deploying instances and volumes for attaching them as data disks to their existing instances. Due to missing validation checks for KVM-compatible templates or volumes in CloudStack 4.0.0 through 4.18.2.3 and 4.19.0.0 through 4.19.1.1, an attacker that can upload or register templates and volumes, can use them to deploy malicious instances or attach uploaded volumes to their existing instances on KVM-based environments and exploit this to gain access to the host filesystems that could result in the compromise of resource integrity and confidentiality, data loss, denial of service, and availability of KVM-based infrastructure managed by CloudStack.\n\n\nUsers are recommended to upgrade to Apache CloudStack 4.18.2.4 or 4.19.1.2, or later, which addresses this issue. \n\nAdditionally, all user-uploaded or registered KVM-compatible templates and volumes can be scanned and checked that they are flat files that should not be using any additional or unnecessary features. For example, operators can run this on their secondary storage(s) and inspect output. An empty output for the disk being validated means it has no references to the host filesystems; on the other hand, if the output for the disk being validated is not empty, it might indicate a compromised disk.\n\n\nfor file in $(find /path/to/storage/ -type f -regex [a-f0-9\\-]*.*); do echo \"Retrieving file [$file] info. If the output is not empty, that might indicate a compromised disk; check it carefully.\"; qemu-img info -U $file | grep file: ; printf \"\\n\\n\"; done\nThe command can also be run for the file-based primary storages; however, bear in mind that (i) volumes created from templates will have references for the templates at first and (ii) volumes can be consolidated while migrating, losing their references to the templates. Therefore, the command execution for the primary storages can show both false positives and false negatives.\n\nFor checking the whole template/volume features of each disk, operators can run the following command:\n\n\nfor file in $(find /path/to/storage/ -type f -regex [a-f0-9\\-]*.*); do echo \"Retrieving file [$file] info.\"; qemu-img info -U $file; printf \"\\n\\n\"; done"
}
],
"metrics": [
{
"other": {
"content": {
"text": "important"
},
"type": "Textual description of severity"
}
},
{
"cvssV3_1": {
"attackComplexity": "HIGH",
"attackVector": "NETWORK",
"availabilityImpact": "HIGH",
"baseScore": 8.5,
"baseSeverity": "HIGH",
"confidentialityImpact": "HIGH",
"integrityImpact": "HIGH",
"privilegesRequired": "LOW",
"scope": "CHANGED",
"userInteraction": "NONE",
"vectorString": "CVSS:3.1/AV:N/AC:H/PR:L/UI:N/S:C/C:H/I:H/A:H",
"version": "3.1"
},
"format": "CVSS",
"scenarios": [
{
"lang": "en",
"value": "GENERAL"
}
]
}
],
"problemTypes": [
{
"descriptions": [
{
"cweId": "CWE-20",
"description": "CWE-20 Improper Input Validation",
"lang": "en",
"type": "CWE"
}
]
}
],
"providerMetadata": {
"dateUpdated": "2024-10-16T07:55:02.534Z",
"orgId": "f0158376-9dc2-43b6-827c-5f631a4d8d09",
"shortName": "apache"
},
"references": [
{
"tags": [
"patch",
"vendor-advisory"
],
"url": "https://cloudstack.apache.org/blog/security-release-advisory-4.18.2.4-4.19.1.2"
},
{
"tags": [
"mailing-list"
],
"url": "https://lists.apache.org/thread/ktsfjcnj22x4kg49ctock3d9tq7jnvlo"
},
{
"tags": [
"third-party-advisory"
],
"url": "https://www.shapeblue.com/shapeblue-security-advisory-apache-cloudstack-security-releases-4-18-2-4-and-4-19-1-2/"
}
],
"source": {
"discovery": "INTERNAL"
},
"title": "Apache CloudStack: Uploaded and registered templates and volumes can be used to abuse KVM-based infrastructure",
"x_generator": {
"engine": "Vulnogram 0.1.0-dev"
}
}
},
"cveMetadata": {
"assignerOrgId": "f0158376-9dc2-43b6-827c-5f631a4d8d09",
"assignerShortName": "apache",
"cveId": "CVE-2024-45219",
"datePublished": "2024-10-16T07:55:02.534Z",
"dateReserved": "2024-08-23T20:40:33.349Z",
"dateUpdated": "2024-10-16T14:48:18.087Z",
"state": "PUBLISHED"
},
"dataType": "CVE_RECORD",
"dataVersion": "5.1"
}
CVE-2025-30675 (GCVE-0-2025-30675)
Vulnerability from cvelistv5
Published
2025-06-10 23:12
Modified
2025-06-11 13:52
Severity ?
VLAI Severity ?
EPSS score ?
CWE
- CWE-200 - Exposure of Sensitive Information to an Unauthorized Actor
Summary
In Apache CloudStack, a flaw in access control affects the listTemplates and listIsos APIs. A malicious Domain Admin or Resource Admin can exploit this issue by intentionally specifying the 'domainid' parameter along with the 'filter=self' or 'filter=selfexecutable' values. This allows the attacker to gain unauthorized visibility into templates and ISOs under the ROOT domain.
A malicious admin can enumerate and extract metadata of templates and ISOs that belong to unrelated domains, violating isolation boundaries and potentially exposing sensitive or internal configuration details.
This vulnerability has been fixed by ensuring the domain resolution strictly adheres to the caller's scope rather than defaulting to the ROOT domain.
Affected users are recommended to upgrade to Apache CloudStack 4.19.3.0 or 4.20.1.0.
References
Impacted products
| Vendor | Product | Version | ||
|---|---|---|---|---|
| Apache Software Foundation | Apache CloudStack |
Version: 4.0.0 ≤ Version: 4.20.0.0 ≤ |
{
"containers": {
"adp": [
{
"metrics": [
{
"other": {
"content": {
"id": "CVE-2025-30675",
"options": [
{
"Exploitation": "none"
},
{
"Automatable": "no"
},
{
"Technical Impact": "partial"
}
],
"role": "CISA Coordinator",
"timestamp": "2025-06-11T13:52:11.857369Z",
"version": "2.0.3"
},
"type": "ssvc"
}
}
],
"providerMetadata": {
"dateUpdated": "2025-06-11T13:52:21.335Z",
"orgId": "134c704f-9b21-4f2e-91b3-4a467353bcc0",
"shortName": "CISA-ADP"
},
"title": "CISA ADP Vulnrichment"
}
],
"cna": {
"affected": [
{
"defaultStatus": "unaffected",
"product": "Apache CloudStack",
"vendor": "Apache Software Foundation",
"versions": [
{
"lessThan": "4.19.3.0",
"status": "affected",
"version": "4.0.0",
"versionType": "semver"
},
{
"lessThan": "4.20.1.0",
"status": "affected",
"version": "4.20.0.0",
"versionType": "semver"
}
]
}
],
"credits": [
{
"lang": "en",
"type": "finder",
"value": "Bernardo De Marco Gon\u00e7alves \u003cbernardomg2004@gmail.com\u003e"
}
],
"descriptions": [
{
"lang": "en",
"supportingMedia": [
{
"base64": false,
"type": "text/html",
"value": "\u003cdiv\u003e\u003cspan style=\"background-color: rgba(232, 232, 232, 0.04);\"\u003eIn Apache CloudStack, a flaw in access control affects the listTemplates and listIsos APIs. A malicious Domain Admin or Resource Admin can exploit this issue by intentionally specifying the \u0027domainid\u0027 parameter along with the \u0027filter=self\u0027 or \u0027filter=selfexecutable\u0027 values. This allows the attacker to gain unauthorized visibility into templates and ISOs under the ROOT domain.\u003c/span\u003e\u003c/div\u003e\u003cdiv\u003e\u003cspan style=\"background-color: rgba(232, 232, 232, 0.04);\"\u003eA malicious admin can enumerate and extract metadata of templates and ISOs that belong to unrelated domains, violating isolation boundaries and potentially exposing sensitive or internal configuration details.\u0026nbsp;\u003c/span\u003e\u003c/div\u003e\u003cdiv\u003e\u003cspan style=\"background-color: rgba(232, 232, 232, 0.04);\"\u003eThis vulnerability has been fixed by ensuring the domain resolution strictly adheres to the caller\u0027s scope rather than defaulting to the ROOT domain.\u003c/span\u003e\u003c/div\u003e\u003cdiv\u003e\u003cspan style=\"background-color: rgba(232, 232, 232, 0.04);\"\u003e\u003cbr\u003e\u003c/span\u003e\u003c/div\u003e\u003cdiv\u003e\u003cspan style=\"background-color: rgba(232, 232, 232, 0.04);\"\u003eAffected users are recommended to upgrade to Apache CloudStack 4.19.3.0 or 4.20.1.0.\u003c/span\u003e\u003c/div\u003e"
}
],
"value": "In Apache CloudStack, a flaw in access control affects the listTemplates and listIsos APIs. A malicious Domain Admin or Resource Admin can exploit this issue by intentionally specifying the \u0027domainid\u0027 parameter along with the \u0027filter=self\u0027 or \u0027filter=selfexecutable\u0027 values. This allows the attacker to gain unauthorized visibility into templates and ISOs under the ROOT domain.\n\nA malicious admin can enumerate and extract metadata of templates and ISOs that belong to unrelated domains, violating isolation boundaries and potentially exposing sensitive or internal configuration details.\u00a0\n\nThis vulnerability has been fixed by ensuring the domain resolution strictly adheres to the caller\u0027s scope rather than defaulting to the ROOT domain.\n\n\n\n\nAffected users are recommended to upgrade to Apache CloudStack 4.19.3.0 or 4.20.1.0."
}
],
"metrics": [
{
"other": {
"content": {
"text": "moderate"
},
"type": "Textual description of severity"
}
},
{
"cvssV3_1": {
"attackComplexity": "LOW",
"attackVector": "NETWORK",
"availabilityImpact": "LOW",
"baseScore": 4.7,
"baseSeverity": "MEDIUM",
"confidentialityImpact": "LOW",
"integrityImpact": "LOW",
"privilegesRequired": "HIGH",
"scope": "UNCHANGED",
"userInteraction": "NONE",
"vectorString": "CVSS:3.1/AV:N/AC:L/PR:H/UI:N/S:U/C:L/I:L/A:L",
"version": "3.1"
},
"format": "CVSS",
"scenarios": [
{
"lang": "en",
"value": "GENERAL"
}
]
}
],
"problemTypes": [
{
"descriptions": [
{
"cweId": "CWE-200",
"description": "CWE-200 Exposure of Sensitive Information to an Unauthorized Actor",
"lang": "en",
"type": "CWE"
}
]
}
],
"providerMetadata": {
"dateUpdated": "2025-06-10T23:12:23.838Z",
"orgId": "f0158376-9dc2-43b6-827c-5f631a4d8d09",
"shortName": "apache"
},
"references": [
{
"tags": [
"vendor-advisory"
],
"url": "https://cloudstack.apache.org/blog/cve-advisories-4.19.3.0-4.20.1.0/"
},
{
"tags": [
"third-party-advisory"
],
"url": "https://www.shapeblue.com/shapeblue-security-advisory-apache-cloudstack-security-releases-4-19-3-0-and-4-20-1-0/"
},
{
"tags": [
"mailing-list"
],
"url": "https://lists.apache.org/thread/y3qnwn59t8qggtdohv7k7vw39bgb3d60"
}
],
"source": {
"discovery": "UNKNOWN"
},
"title": "Apache CloudStack: Unauthorised template/ISO list access to the domain/resource admins",
"x_generator": {
"engine": "Vulnogram 0.2.0"
}
}
},
"cveMetadata": {
"assignerOrgId": "f0158376-9dc2-43b6-827c-5f631a4d8d09",
"assignerShortName": "apache",
"cveId": "CVE-2025-30675",
"datePublished": "2025-06-10T23:12:23.838Z",
"dateReserved": "2025-03-25T07:15:12.974Z",
"dateUpdated": "2025-06-11T13:52:21.335Z",
"state": "PUBLISHED"
},
"dataType": "CVE_RECORD",
"dataVersion": "5.1"
}