cvelistv5 - cve-2025-22828

CVE-2025-22828 (GCVE-0-2025-22828)

Vulnerability from cvelistv5

Published

2025-01-13 12:47

Modified

2025-01-13 19:02

Severity ?

CWE

CWE-200 - Exposure of Sensitive Information to an Unauthorized Actor

Summary

CloudStack users can add and read comments (annotations) on resources they are authorised to access. Due to an access validation issue that affects Apache CloudStack versions from 4.16.0, users who have access, prior access or knowledge of resource UUIDs can list and add comments (annotations) to such resources. An attacker with a user-account and access or prior knowledge of resource UUIDs may exploit this issue to read contents of the comments (annotations) or add malicious comments (annotations) to such resources. This may cause potential loss of confidentiality of CloudStack environments and resources if the comments (annotations) contain any privileged information. However, guessing or brute-forcing resource UUIDs are generally hard to impossible and access to listing or adding comments isn't same as access to CloudStack resources, making this issue of very low severity and general low impact. CloudStack admins may also disallow listAnnotations and addAnnotation API access to non-admin roles in their environment as an interim measure.

References

▼	URL	Tags
	security@apache.org	https://lists.apache.org/thread/bbsm9fdwrgfyostzojh6ghpocgdmx8rs	Mailing List, Vendor Advisory
	af854a3a-2127-422b-91ae-364da2661108	http://www.openwall.com/lists/oss-security/2025/01/13/1	Mailing List

Impacted products

	Vendor	Product	Version
	Apache Software Foundation	Apache CloudStack	Version: 4.16.0 ≤ *

Show details on NVD website

JSON

To clipboard

{
  "containers": {
    "adp": [
      {
        "metrics": [
          {
            "cvssV3_1": {
              "attackComplexity": "LOW",
              "attackVector": "NETWORK",
              "availabilityImpact": "NONE",
              "baseScore": 4.3,
              "baseSeverity": "MEDIUM",
              "confidentialityImpact": "LOW",
              "integrityImpact": "NONE",
              "privilegesRequired": "LOW",
              "scope": "UNCHANGED",
              "userInteraction": "NONE",
              "vectorString": "CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:L/I:N/A:N",
              "version": "3.1"
            }
          },
          {
            "other": {
              "content": {
                "id": "CVE-2025-22828",
                "options": [
                  {
                    "Exploitation": "none"
                  },
                  {
                    "Automatable": "no"
                  },
                  {
                    "Technical Impact": "partial"
                  }
                ],
                "role": "CISA Coordinator",
                "timestamp": "2025-01-13T17:24:45.749950Z",
                "version": "2.0.3"
              },
              "type": "ssvc"
            }
          }
        ],
        "providerMetadata": {
          "dateUpdated": "2025-01-13T17:25:25.072Z",
          "orgId": "134c704f-9b21-4f2e-91b3-4a467353bcc0",
          "shortName": "CISA-ADP"
        },
        "title": "CISA ADP Vulnrichment"
      },
      {
        "providerMetadata": {
          "dateUpdated": "2025-01-13T19:02:32.935Z",
          "orgId": "af854a3a-2127-422b-91ae-364da2661108",
          "shortName": "CVE"
        },
        "references": [
          {
            "url": "http://www.openwall.com/lists/oss-security/2025/01/13/1"
          }
        ],
        "title": "CVE Program Container"
      }
    ],
    "cna": {
      "affected": [
        {
          "defaultStatus": "unaffected",
          "product": "Apache CloudStack",
          "vendor": "Apache Software Foundation",
          "versions": [
            {
              "lessThanOrEqual": "*",
              "status": "affected",
              "version": "4.16.0",
              "versionType": "semver"
            }
          ]
        }
      ],
      "credits": [
        {
          "lang": "en",
          "type": "reporter",
          "value": "Alex Perrakis \u003calexperrakis1@gmail.com\u003e"
        },
        {
          "lang": "en",
          "type": "reporter",
          "value": "Efstratios Chatzoglou \u003cefchatzoglou@gmail.com\u003e"
        }
      ],
      "descriptions": [
        {
          "lang": "en",
          "supportingMedia": [
            {
              "base64": false,
              "type": "text/html",
              "value": "\u003cdiv\u003eCloudStack users can add and read comments (annotations) on resources they are authorised to access.\u0026nbsp;\u003c/div\u003e\u003cdiv\u003eDue to an access validation issue that affects Apache CloudStack versions from 4.16.0, users who have access, prior access or knowledge of resource UUIDs can list and add comments (annotations) to such resources.\u0026nbsp;\u003c/div\u003e\u003cdiv\u003eAn attacker with a user-account and access or prior knowledge of resource UUIDs may exploit this issue to read contents of the comments (annotations) or add malicious comments (annotations) to such resources.\u0026nbsp;\u003c/div\u003e\u003cdiv\u003eThis may cause potential loss of confidentiality of CloudStack environments and resources if the comments (annotations) contain any privileged information. However, guessing or brute-forcing resource UUIDs are generally hard to impossible and access to listing or adding comments isn\u0027t same as access to CloudStack resources, making this issue of very low severity and general low impact.\u003c/div\u003e\u003cbr\u003e\u003cdiv\u003eCloudStack admins may also disallow listAnnotations and addAnnotation API access to non-admin roles in their environment as an interim measure.\u003c/div\u003e\u003cbr\u003e"
            }
          ],
          "value": "CloudStack users can add and read comments (annotations) on resources they are authorised to access.\u00a0\n\nDue to an access validation issue that affects Apache CloudStack versions from 4.16.0, users who have access, prior access or knowledge of resource UUIDs can list and add comments (annotations) to such resources.\u00a0\n\nAn attacker with a user-account and access or prior knowledge of resource UUIDs may exploit this issue to read contents of the comments (annotations) or add malicious comments (annotations) to such resources.\u00a0\n\nThis may cause potential loss of confidentiality of CloudStack environments and resources if the comments (annotations) contain any privileged information. However, guessing or brute-forcing resource UUIDs are generally hard to impossible and access to listing or adding comments isn\u0027t same as access to CloudStack resources, making this issue of very low severity and general low impact.\n\n\nCloudStack admins may also disallow listAnnotations and addAnnotation API access to non-admin roles in their environment as an interim measure."
        }
      ],
      "metrics": [
        {
          "other": {
            "content": {
              "text": "Low"
            },
            "type": "Textual description of severity"
          }
        }
      ],
      "problemTypes": [
        {
          "descriptions": [
            {
              "cweId": "CWE-200",
              "description": "CWE-200 Exposure of Sensitive Information to an Unauthorized Actor",
              "lang": "en",
              "type": "CWE"
            }
          ]
        }
      ],
      "providerMetadata": {
        "dateUpdated": "2025-01-13T12:47:51.619Z",
        "orgId": "f0158376-9dc2-43b6-827c-5f631a4d8d09",
        "shortName": "apache"
      },
      "references": [
        {
          "tags": [
            "vendor-advisory"
          ],
          "url": "https://lists.apache.org/thread/bbsm9fdwrgfyostzojh6ghpocgdmx8rs"
        }
      ],
      "source": {
        "discovery": "UNKNOWN"
      },
      "title": "Apache CloudStack: Unauthorised access to annotations",
      "x_generator": {
        "engine": "Vulnogram 0.2.0"
      }
    }
  },
  "cveMetadata": {
    "assignerOrgId": "f0158376-9dc2-43b6-827c-5f631a4d8d09",
    "assignerShortName": "apache",
    "cveId": "CVE-2025-22828",
    "datePublished": "2025-01-13T12:47:51.619Z",
    "dateReserved": "2025-01-07T22:13:56.892Z",
    "dateUpdated": "2025-01-13T19:02:32.935Z",
    "state": "PUBLISHED"
  },
  "dataType": "CVE_RECORD",
  "dataVersion": "5.1",
  "vulnerability-lookup:meta": {
    "nvd": "{\"cve\":{\"id\":\"CVE-2025-22828\",\"sourceIdentifier\":\"security@apache.org\",\"published\":\"2025-01-13T13:16:12.233\",\"lastModified\":\"2025-07-01T19:20:38.217\",\"vulnStatus\":\"Analyzed\",\"cveTags\":[],\"descriptions\":[{\"lang\":\"en\",\"value\":\"CloudStack users can add and read comments (annotations) on resources they are authorised to access.\u00a0\\n\\nDue to an access validation issue that affects Apache CloudStack versions from 4.16.0, users who have access, prior access or knowledge of resource UUIDs can list and add comments (annotations) to such resources.\u00a0\\n\\nAn attacker with a user-account and access or prior knowledge of resource UUIDs may exploit this issue to read contents of the comments (annotations) or add malicious comments (annotations) to such resources.\u00a0\\n\\nThis may cause potential loss of confidentiality of CloudStack environments and resources if the comments (annotations) contain any privileged information. However, guessing or brute-forcing resource UUIDs are generally hard to impossible and access to listing or adding comments isn\u0027t same as access to CloudStack resources, making this issue of very low severity and general low impact.\\n\\n\\nCloudStack admins may also disallow listAnnotations and addAnnotation API access to non-admin roles in their environment as an interim measure.\"},{\"lang\":\"es\",\"value\":\"Los usuarios de CloudStack pueden agregar y leer comentarios (anotaciones) en los recursos a los que est\u00e1n autorizados a acceder. Debido a un problema de validaci\u00f3n de acceso que afecta a las versiones de Apache CloudStack desde la 4.16.0, los usuarios que tienen acceso, acceso previo o conocimiento de los UUID de los recursos pueden enumerar y agregar comentarios (anotaciones) a dichos recursos. Un atacante con una cuenta de usuario y acceso o conocimiento previo de los UUID de los recursos puede aprovechar este problema para leer el contenido de los comentarios (anotaciones) o agregar comentarios maliciosos (anotaciones) a dichos recursos. Esto puede provocar una posible p\u00e9rdida de confidencialidad de los entornos y recursos de CloudStack si los comentarios (anotaciones) contienen informaci\u00f3n privilegiada. Sin embargo, adivinar o forzar brutamente los UUID de los recursos es generalmente dif\u00edcil o imposible y el acceso para enumerar o agregar comentarios no es lo mismo que el acceso a los recursos de CloudStack, lo que hace que este problema sea de muy baja gravedad y, en general, de bajo impacto. Los administradores de CloudStack tambi\u00e9n pueden prohibir el acceso a la API listAnnotations y addAnnotation a roles que no sean de administrador en su entorno como medida provisional.\"}],\"metrics\":{\"cvssMetricV31\":[{\"source\":\"134c704f-9b21-4f2e-91b3-4a467353bcc0\",\"type\":\"Secondary\",\"cvssData\":{\"version\":\"3.1\",\"vectorString\":\"CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:L/I:N/A:N\",\"baseScore\":4.3,\"baseSeverity\":\"MEDIUM\",\"attackVector\":\"NETWORK\",\"attackComplexity\":\"LOW\",\"privilegesRequired\":\"LOW\",\"userInteraction\":\"NONE\",\"scope\":\"UNCHANGED\",\"confidentialityImpact\":\"LOW\",\"integrityImpact\":\"NONE\",\"availabilityImpact\":\"NONE\"},\"exploitabilityScore\":2.8,\"impactScore\":1.4}]},\"weaknesses\":[{\"source\":\"security@apache.org\",\"type\":\"Secondary\",\"description\":[{\"lang\":\"en\",\"value\":\"CWE-200\"}]}],\"configurations\":[{\"nodes\":[{\"operator\":\"OR\",\"negate\":false,\"cpeMatch\":[{\"vulnerable\":true,\"criteria\":\"cpe:2.3:a:apache:cloudstack:*:*:*:*:*:*:*:*\",\"versionStartIncluding\":\"4.16.0.0\",\"matchCriteriaId\":\"E51B7CE9-833F-46FD-BF9D-4248F91E296A\"}]}]}],\"references\":[{\"url\":\"https://lists.apache.org/thread/bbsm9fdwrgfyostzojh6ghpocgdmx8rs\",\"source\":\"security@apache.org\",\"tags\":[\"Mailing List\",\"Vendor Advisory\"]},{\"url\":\"http://www.openwall.com/lists/oss-security/2025/01/13/1\",\"source\":\"af854a3a-2127-422b-91ae-364da2661108\",\"tags\":[\"Mailing List\"]}]}}",
    "vulnrichment": {
      "containers": "{\"adp\": [{\"title\": \"CVE Program Container\", \"references\": [{\"url\": \"http://www.openwall.com/lists/oss-security/2025/01/13/1\"}], \"providerMetadata\": {\"orgId\": \"af854a3a-2127-422b-91ae-364da2661108\", \"shortName\": \"CVE\", \"dateUpdated\": \"2025-01-13T19:02:32.935Z\"}}, {\"title\": \"CISA ADP Vulnrichment\", \"metrics\": [{\"cvssV3_1\": {\"scope\": \"UNCHANGED\", \"version\": \"3.1\", \"baseScore\": 4.3, \"attackVector\": \"NETWORK\", \"baseSeverity\": \"MEDIUM\", \"vectorString\": \"CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:L/I:N/A:N\", \"integrityImpact\": \"NONE\", \"userInteraction\": \"NONE\", \"attackComplexity\": \"LOW\", \"availabilityImpact\": \"NONE\", \"privilegesRequired\": \"LOW\", \"confidentialityImpact\": \"LOW\"}}, {\"other\": {\"type\": \"ssvc\", \"content\": {\"id\": \"CVE-2025-22828\", \"role\": \"CISA Coordinator\", \"options\": [{\"Exploitation\": \"none\"}, {\"Automatable\": \"no\"}, {\"Technical Impact\": \"partial\"}], \"version\": \"2.0.3\", \"timestamp\": \"2025-01-13T17:24:45.749950Z\"}}}], \"providerMetadata\": {\"orgId\": \"134c704f-9b21-4f2e-91b3-4a467353bcc0\", \"shortName\": \"CISA-ADP\", \"dateUpdated\": \"2025-01-13T17:25:10.476Z\"}}], \"cna\": {\"title\": \"Apache CloudStack: Unauthorised access to annotations\", \"source\": {\"discovery\": \"UNKNOWN\"}, \"credits\": [{\"lang\": \"en\", \"type\": \"reporter\", \"value\": \"Alex Perrakis \u003calexperrakis1@gmail.com\u003e\"}, {\"lang\": \"en\", \"type\": \"reporter\", \"value\": \"Efstratios Chatzoglou \u003cefchatzoglou@gmail.com\u003e\"}], \"metrics\": [{\"other\": {\"type\": \"Textual description of severity\", \"content\": {\"text\": \"Low\"}}}], \"affected\": [{\"vendor\": \"Apache Software Foundation\", \"product\": \"Apache CloudStack\", \"versions\": [{\"status\": \"affected\", \"version\": \"4.16.0\", \"versionType\": \"semver\", \"lessThanOrEqual\": \"*\"}], \"defaultStatus\": \"unaffected\"}], \"references\": [{\"url\": \"https://lists.apache.org/thread/bbsm9fdwrgfyostzojh6ghpocgdmx8rs\", \"tags\": [\"vendor-advisory\"]}], \"x_generator\": {\"engine\": \"Vulnogram 0.2.0\"}, \"descriptions\": [{\"lang\": \"en\", \"value\": \"CloudStack users can add and read comments (annotations) on resources they are authorised to access.\\u00a0\\n\\nDue to an access validation issue that affects Apache CloudStack versions from 4.16.0, users who have access, prior access or knowledge of resource UUIDs can list and add comments (annotations) to such resources.\\u00a0\\n\\nAn attacker with a user-account and access or prior knowledge of resource UUIDs may exploit this issue to read contents of the comments (annotations) or add malicious comments (annotations) to such resources.\\u00a0\\n\\nThis may cause potential loss of confidentiality of CloudStack environments and resources if the comments (annotations) contain any privileged information. However, guessing or brute-forcing resource UUIDs are generally hard to impossible and access to listing or adding comments isn\u0027t same as access to CloudStack resources, making this issue of very low severity and general low impact.\\n\\n\\nCloudStack admins may also disallow listAnnotations and addAnnotation API access to non-admin roles in their environment as an interim measure.\", \"supportingMedia\": [{\"type\": \"text/html\", \"value\": \"\u003cdiv\u003eCloudStack users can add and read comments (annotations) on resources they are authorised to access.\u0026nbsp;\u003c/div\u003e\u003cdiv\u003eDue to an access validation issue that affects Apache CloudStack versions from 4.16.0, users who have access, prior access or knowledge of resource UUIDs can list and add comments (annotations) to such resources.\u0026nbsp;\u003c/div\u003e\u003cdiv\u003eAn attacker with a user-account and access or prior knowledge of resource UUIDs may exploit this issue to read contents of the comments (annotations) or add malicious comments (annotations) to such resources.\u0026nbsp;\u003c/div\u003e\u003cdiv\u003eThis may cause potential loss of confidentiality of CloudStack environments and resources if the comments (annotations) contain any privileged information. However, guessing or brute-forcing resource UUIDs are generally hard to impossible and access to listing or adding comments isn\u0027t same as access to CloudStack resources, making this issue of very low severity and general low impact.\u003c/div\u003e\u003cbr\u003e\u003cdiv\u003eCloudStack admins may also disallow listAnnotations and addAnnotation API access to non-admin roles in their environment as an interim measure.\u003c/div\u003e\u003cbr\u003e\", \"base64\": false}]}], \"problemTypes\": [{\"descriptions\": [{\"lang\": \"en\", \"type\": \"CWE\", \"cweId\": \"CWE-200\", \"description\": \"CWE-200 Exposure of Sensitive Information to an Unauthorized Actor\"}]}], \"providerMetadata\": {\"orgId\": \"f0158376-9dc2-43b6-827c-5f631a4d8d09\", \"shortName\": \"apache\", \"dateUpdated\": \"2025-01-13T12:47:51.619Z\"}}}",
      "cveMetadata": "{\"cveId\": \"CVE-2025-22828\", \"state\": \"PUBLISHED\", \"dateUpdated\": \"2025-01-13T19:02:32.935Z\", \"dateReserved\": \"2025-01-07T22:13:56.892Z\", \"assignerOrgId\": \"f0158376-9dc2-43b6-827c-5f631a4d8d09\", \"datePublished\": \"2025-01-13T12:47:51.619Z\", \"assignerShortName\": \"apache\"}",
      "dataType": "CVE_RECORD",
      "dataVersion": "5.1"
    }
  }
}

fkie_cve-2025-22828

Vulnerability from fkie_nvd

Published

2025-01-13 13:16

Modified

2025-07-01 19:20

Severity ?

4.3 (Medium) - CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:L/I:N/A:N

Summary

References

▼	URL	Tags
	security@apache.org	https://lists.apache.org/thread/bbsm9fdwrgfyostzojh6ghpocgdmx8rs	Mailing List, Vendor Advisory
	af854a3a-2127-422b-91ae-364da2661108	http://www.openwall.com/lists/oss-security/2025/01/13/1	Mailing List

Impacted products

	Vendor	Product	Version
	apache	cloudstack	*

JSON

To clipboard

{
  "configurations": [
    {
      "nodes": [
        {
          "cpeMatch": [
            {
              "criteria": "cpe:2.3:a:apache:cloudstack:*:*:*:*:*:*:*:*",
              "matchCriteriaId": "E51B7CE9-833F-46FD-BF9D-4248F91E296A",
              "versionStartIncluding": "4.16.0.0",
              "vulnerable": true
            }
          ],
          "negate": false,
          "operator": "OR"
        }
      ]
    }
  ],
  "cveTags": [],
  "descriptions": [
    {
      "lang": "en",
      "value": "CloudStack users can add and read comments (annotations) on resources they are authorised to access.\u00a0\n\nDue to an access validation issue that affects Apache CloudStack versions from 4.16.0, users who have access, prior access or knowledge of resource UUIDs can list and add comments (annotations) to such resources.\u00a0\n\nAn attacker with a user-account and access or prior knowledge of resource UUIDs may exploit this issue to read contents of the comments (annotations) or add malicious comments (annotations) to such resources.\u00a0\n\nThis may cause potential loss of confidentiality of CloudStack environments and resources if the comments (annotations) contain any privileged information. However, guessing or brute-forcing resource UUIDs are generally hard to impossible and access to listing or adding comments isn\u0027t same as access to CloudStack resources, making this issue of very low severity and general low impact.\n\n\nCloudStack admins may also disallow listAnnotations and addAnnotation API access to non-admin roles in their environment as an interim measure."
    },
    {
      "lang": "es",
      "value": "Los usuarios de CloudStack pueden agregar y leer comentarios (anotaciones) en los recursos a los que est\u00e1n autorizados a acceder. Debido a un problema de validaci\u00f3n de acceso que afecta a las versiones de Apache CloudStack desde la 4.16.0, los usuarios que tienen acceso, acceso previo o conocimiento de los UUID de los recursos pueden enumerar y agregar comentarios (anotaciones) a dichos recursos. Un atacante con una cuenta de usuario y acceso o conocimiento previo de los UUID de los recursos puede aprovechar este problema para leer el contenido de los comentarios (anotaciones) o agregar comentarios maliciosos (anotaciones) a dichos recursos. Esto puede provocar una posible p\u00e9rdida de confidencialidad de los entornos y recursos de CloudStack si los comentarios (anotaciones) contienen informaci\u00f3n privilegiada. Sin embargo, adivinar o forzar brutamente los UUID de los recursos es generalmente dif\u00edcil o imposible y el acceso para enumerar o agregar comentarios no es lo mismo que el acceso a los recursos de CloudStack, lo que hace que este problema sea de muy baja gravedad y, en general, de bajo impacto. Los administradores de CloudStack tambi\u00e9n pueden prohibir el acceso a la API listAnnotations y addAnnotation a roles que no sean de administrador en su entorno como medida provisional."
    }
  ],
  "id": "CVE-2025-22828",
  "lastModified": "2025-07-01T19:20:38.217",
  "metrics": {
    "cvssMetricV31": [
      {
        "cvssData": {
          "attackComplexity": "LOW",
          "attackVector": "NETWORK",
          "availabilityImpact": "NONE",
          "baseScore": 4.3,
          "baseSeverity": "MEDIUM",
          "confidentialityImpact": "LOW",
          "integrityImpact": "NONE",
          "privilegesRequired": "LOW",
          "scope": "UNCHANGED",
          "userInteraction": "NONE",
          "vectorString": "CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:L/I:N/A:N",
          "version": "3.1"
        },
        "exploitabilityScore": 2.8,
        "impactScore": 1.4,
        "source": "134c704f-9b21-4f2e-91b3-4a467353bcc0",
        "type": "Secondary"
      }
    ]
  },
  "published": "2025-01-13T13:16:12.233",
  "references": [
    {
      "source": "security@apache.org",
      "tags": [
        "Mailing List",
        "Vendor Advisory"
      ],
      "url": "https://lists.apache.org/thread/bbsm9fdwrgfyostzojh6ghpocgdmx8rs"
    },
    {
      "source": "af854a3a-2127-422b-91ae-364da2661108",
      "tags": [
        "Mailing List"
      ],
      "url": "http://www.openwall.com/lists/oss-security/2025/01/13/1"
    }
  ],
  "sourceIdentifier": "security@apache.org",
  "vulnStatus": "Analyzed",
  "weaknesses": [
    {
      "description": [
        {
          "lang": "en",
          "value": "CWE-200"
        }
      ],
      "source": "security@apache.org",
      "type": "Secondary"
    }
  ]
}

wid-sec-w-2025-0052

Vulnerability from csaf_certbund

Published

2025-01-13 23:00

Modified

2025-01-13 23:00

Summary

Apache CloudStack: Schwachstelle ermöglicht Umgehen von Sicherheitsvorkehrungen

Notes

Das BSI ist als Anbieter für die eigenen, zur Nutzung bereitgestellten Inhalte nach den allgemeinen Gesetzen verantwortlich. Nutzerinnen und Nutzer sind jedoch dafür verantwortlich, die Verwendung und/oder die Umsetzung der mit den Inhalten bereitgestellten Informationen sorgfältig im Einzelfall zu prüfen.

Produktbeschreibung

Apache CloudStack ist eine Sofwareplattform zum Verwalten großer Netzwerke von virtuellen Maschienen als eine hoch verfügbare, hoch skalierbare Infrastructure as a Service (IaaS) Cloud Computing Plattform. CloudStack wurde von Citrix entwicklet und anschließend über Apache als Open Source Software zur Verfügung gestellt.

Angriff

Ein entfernter, authentisierter Angreifer kann eine Schwachstelle in Apache CloudStack ausnutzen, um Sicherheitsvorkehrungen zu umgehen.

Betroffene Betriebssysteme

- Linux - UNIX

JSON

To clipboard

{
  "document": {
    "aggregate_severity": {
      "text": "mittel"
    },
    "category": "csaf_base",
    "csaf_version": "2.0",
    "distribution": {
      "tlp": {
        "label": "WHITE",
        "url": "https://www.first.org/tlp/"
      }
    },
    "lang": "de-DE",
    "notes": [
      {
        "category": "legal_disclaimer",
        "text": "Das BSI ist als Anbieter f\u00fcr die eigenen, zur Nutzung bereitgestellten Inhalte nach den allgemeinen Gesetzen verantwortlich. Nutzerinnen und Nutzer sind jedoch daf\u00fcr verantwortlich, die Verwendung und/oder die Umsetzung der mit den Inhalten bereitgestellten Informationen sorgf\u00e4ltig im Einzelfall zu pr\u00fcfen."
      },
      {
        "category": "description",
        "text": "Apache CloudStack ist eine Sofwareplattform zum Verwalten gro\u00dfer Netzwerke von virtuellen Maschienen als eine hoch verf\u00fcgbare, hoch skalierbare Infrastructure as a Service (IaaS) Cloud Computing Plattform. CloudStack wurde von Citrix entwicklet und anschlie\u00dfend \u00fcber Apache als Open Source Software zur Verf\u00fcgung gestellt.",
        "title": "Produktbeschreibung"
      },
      {
        "category": "summary",
        "text": "Ein entfernter, authentisierter Angreifer kann eine Schwachstelle in Apache CloudStack ausnutzen, um Sicherheitsvorkehrungen zu umgehen.",
        "title": "Angriff"
      },
      {
        "category": "general",
        "text": "- Linux\n- UNIX",
        "title": "Betroffene Betriebssysteme"
      }
    ],
    "publisher": {
      "category": "other",
      "contact_details": "csaf-provider@cert-bund.de",
      "name": "Bundesamt f\u00fcr Sicherheit in der Informationstechnik",
      "namespace": "https://www.bsi.bund.de"
    },
    "references": [
      {
        "category": "self",
        "summary": "WID-SEC-W-2025-0052 - CSAF Version",
        "url": "https://wid.cert-bund.de/.well-known/csaf/white/2025/wid-sec-w-2025-0052.json"
      },
      {
        "category": "self",
        "summary": "WID-SEC-2025-0052 - Portal Version",
        "url": "https://wid.cert-bund.de/portal/wid/securityadvisory?name=WID-SEC-2025-0052"
      },
      {
        "category": "external",
        "summary": "CloudStack Blog vom 2025-01-13",
        "url": "https://cloudstack.apache.org/blog/unauthorised-access-to-annotations"
      },
      {
        "category": "external",
        "summary": "GitHub Advisory Database vom 2025-01-13",
        "url": "https://github.com/advisories/GHSA-7jhp-8mw7-9mrw"
      },
      {
        "category": "external",
        "summary": "OSS Security Mailing List vom 2025-01-13",
        "url": "https://seclists.org/oss-sec/2025/q1/13"
      }
    ],
    "source_lang": "en-US",
    "title": "Apache CloudStack: Schwachstelle erm\u00f6glicht Umgehen von Sicherheitsvorkehrungen",
    "tracking": {
      "current_release_date": "2025-01-13T23:00:00.000+00:00",
      "generator": {
        "date": "2025-01-14T10:33:13.845+00:00",
        "engine": {
          "name": "BSI-WID",
          "version": "1.3.10"
        }
      },
      "id": "WID-SEC-W-2025-0052",
      "initial_release_date": "2025-01-13T23:00:00.000+00:00",
      "revision_history": [
        {
          "date": "2025-01-13T23:00:00.000+00:00",
          "number": "1",
          "summary": "Initiale Fassung"
        }
      ],
      "status": "final",
      "version": "1"
    }
  },
  "product_tree": {
    "branches": [
      {
        "branches": [
          {
            "branches": [
              {
                "category": "product_version_range",
                "name": "\u003e=4.16.0",
                "product": {
                  "name": "Apache CloudStack \u003e=4.16.0",
                  "product_id": "1201080"
                }
              },
              {
                "category": "product_version_range",
                "name": "\u003e=4.16.0",
                "product": {
                  "name": "Apache CloudStack \u003e=4.16.0",
                  "product_id": "1201080-fixed"
                }
              }
            ],
            "category": "product_name",
            "name": "CloudStack"
          }
        ],
        "category": "vendor",
        "name": "Apache"
      }
    ]
  },
  "vulnerabilities": [
    {
      "cve": "CVE-2025-22828",
      "notes": [
        {
          "category": "description",
          "text": "Es existiert eine Schwachstelle in Apache CloudStack. Aufgrund eines Zugriffsvalidierungsproblems k\u00f6nnen Benutzer unbefugt Kommentare auflisten, hinzuf\u00fcgen, bearbeiten und l\u00f6schen. Ein entfernter, anonymer Angreifer kann diese Schwachstelle ausnutzen, um Sicherheitsvorkehrungen zu umgehen"
        }
      ],
      "release_date": "2025-01-13T23:00:00.000+00:00",
      "title": "CVE-2025-22828"
    }
  ]
}

ghsa-7jhp-8mw7-9mrw

Vulnerability from github

Published

2025-01-13 15:30

Modified

2025-01-13 21:30

Severity ?

4.3 (Medium) - CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:L/I:N/A:N

Details

CloudStack users can add and read comments (annotations) on resources they are authorised to access.

Due to an access validation issue that affects Apache CloudStack versions from 4.16.0, users who have access, prior access or knowledge of resource UUIDs can list and add comments (annotations) to such resources.

An attacker with a user-account and access or prior knowledge of resource UUIDs may exploit this issue to read contents of the comments (annotations) or add malicious comments (annotations) to such resources.

This may cause potential loss of confidentiality of CloudStack environments and resources if the comments (annotations) contain any privileged information. However, guessing or brute-forcing resource UUIDs are generally hard to impossible and access to listing or adding comments isn't same as access to CloudStack resources, making this issue of very low severity and general low impact.

CloudStack admins may also disallow listAnnotations and addAnnotation API access to non-admin roles in their environment as an interim measure.

Show details on source website

JSON

To clipboard

{
  "affected": [],
  "aliases": [
    "CVE-2025-22828"
  ],
  "database_specific": {
    "cwe_ids": [
      "CWE-200"
    ],
    "github_reviewed": false,
    "github_reviewed_at": null,
    "nvd_published_at": "2025-01-13T13:16:12Z",
    "severity": "MODERATE"
  },
  "details": "CloudStack users can add and read comments (annotations) on resources they are authorised to access.\u00a0\n\nDue to an access validation issue that affects Apache CloudStack versions from 4.16.0, users who have access, prior access or knowledge of resource UUIDs can list and add comments (annotations) to such resources.\u00a0\n\nAn attacker with a user-account and access or prior knowledge of resource UUIDs may exploit this issue to read contents of the comments (annotations) or add malicious comments (annotations) to such resources.\u00a0\n\nThis may cause potential loss of confidentiality of CloudStack environments and resources if the comments (annotations) contain any privileged information. However, guessing or brute-forcing resource UUIDs are generally hard to impossible and access to listing or adding comments isn\u0027t same as access to CloudStack resources, making this issue of very low severity and general low impact.\n\n\nCloudStack admins may also disallow listAnnotations and addAnnotation API access to non-admin roles in their environment as an interim measure.",
  "id": "GHSA-7jhp-8mw7-9mrw",
  "modified": "2025-01-13T21:30:52Z",
  "published": "2025-01-13T15:30:49Z",
  "references": [
    {
      "type": "ADVISORY",
      "url": "https://nvd.nist.gov/vuln/detail/CVE-2025-22828"
    },
    {
      "type": "WEB",
      "url": "https://lists.apache.org/thread/bbsm9fdwrgfyostzojh6ghpocgdmx8rs"
    },
    {
      "type": "WEB",
      "url": "http://www.openwall.com/lists/oss-security/2025/01/13/1"
    }
  ],
  "schema_version": "1.4.0",
  "severity": [
    {
      "score": "CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:L/I:N/A:N",
      "type": "CVSS_V3"
    }
  ]
}

Sightings

Author	Source	Type	Date

Nomenclature

Seen: The vulnerability was mentioned, discussed, or seen somewhere by the user.
Confirmed: The vulnerability is confirmed from an analyst perspective.
Exploited: This vulnerability was exploited and seen by the user reporting the sighting.
Patched: This vulnerability was successfully patched by the user reporting the sighting.
Not exploited: This vulnerability was not exploited or seen by the user reporting the sighting.
Not confirmed: The user expresses doubt about the veracity of the vulnerability.
Not patched: This vulnerability was not successfully patched by the user reporting the sighting.

Action not permitted

CVE-2025-22828 (GCVE-0-2025-22828)

Vulnerability from cvelistv5

fkie_cve-2025-22828

Vulnerability from fkie_nvd

wid-sec-w-2025-0052

Vulnerability from csaf_certbund

ghsa-7jhp-8mw7-9mrw

Vulnerability from github

Tags

Sightings

Nomenclature