cve,link,title,description,vendor,products,score,severity,epss,cisa,cisa_published,article,ransomware,exploited,exploited_date,poc,trended,trended_no_1,trended_no_1_date,published,trended_score
CVE-2025-22828,https://securityvulnerability.io/vulnerability/CVE-2025-22828,Access Control Issue in Apache CloudStack Affects User Comments,"An access validation flaw in Apache CloudStack allows users to add and read comments (annotations) on resources they are not authorized to access. This issue affects Apache CloudStack from 4.16.0 onwards. Exploiting it requires a valid CloudStack user account and knowledge of the target resource's UUID; although resource UUIDs are hard to enumerate, the risk lies in the confidentiality of information stored in comments, since the ability to insert or read annotations can expose sensitive data. Administrators are advised to restrict API access for non-admin roles as a precautionary measure.",Apache,Apache Cloudstack,,,0.00043,false,,false,false,true,2025-01-31T04:26:38.000Z,true,false,false,,2025-01-13T12:47:51.619Z,66
CVE-2024-45462,https://securityvulnerability.io/vulnerability/CVE-2024-45462,Incomplete Session Invalidation on Logout Affects CloudStack Users,"The logout action in the Apache CloudStack web interface does not fully invalidate the user's session: after logging out, the session remains valid until it times out or the backend service is restarted. An attacker who has gained access to the user's browser can reuse the unexpired session and access resources belonging to the logged-out user. Apache CloudStack versions 4.15.1.0 through 4.18.2.3 and 4.19.0.0 through 4.19.1.1 are affected. To mitigate this issue, upgrade to version 4.18.2.4 or 4.19.1.2 or later.",Apache CloudStack,Cloudstack,7.1,HIGH,0.0005,false,,false,false,false,,,false,false,,2024-10-16T08:15:00.000Z,0
CVE-2024-45693,https://securityvulnerability.io/vulnerability/CVE-2024-45693,"Attackers Can Trick Users into Submitting Malicious CSRF Requests, Leading to Privilege Escalation and Data Exposure","Authenticated users of the Apache CloudStack web interface can be tricked into submitting malicious Cross-Site Request Forgery (CSRF) requests because the origin of requests is not validated. Exploitation allows an attacker to perform actions in the victim's session, gain elevated privileges, take over user accounts, disrupt operations and access sensitive information managed by the affected cloud platform. Versions 4.15.1.0 through 4.18.2.3 and 4.19.0.0 through 4.19.1.1 are affected. Upgrade to version 4.18.2.4 or 4.19.1.2 or later to mitigate this issue.",Apache CloudStack,Cloudstack,8.8,HIGH,0.00144,false,,false,false,false,,,false,false,,2024-10-16T08:15:00.000Z,0
CVE-2024-45461,https://securityvulnerability.io/vulnerability/CVE-2024-45461,Insecure Quota Configuration in CloudStack Allowing Unauthorized Access to Quota-Related Data and Configurations,"The CloudStack Quota feature lets cloud administrators enforce a quota or usage-limit system for cloud resources and is disabled by default. Where the feature is enabled, missing access checks allow non-administrative CloudStack user accounts to read and modify quota-related configuration and data. This issue affects Apache CloudStack from 4.7.0 through 4.18.2.3 and from 4.19.0.0 through 4.19.1.1 when the Quota feature is enabled. Users are advised to upgrade to Apache CloudStack 4.18.2.4 or 4.19.1.2 or later, which addresses this issue. Alternatively, users that do not use the Quota feature should disable the plugin by setting the global setting ""quota.enable.service"" to ""false"".",Apache CloudStack,Cloudstack,6.3,MEDIUM,0.0007,false,,false,false,false,,,false,false,,2024-10-16T08:15:00.000Z,0
CVE-2024-42062,https://securityvulnerability.io/vulnerability/CVE-2024-42062,Understanding the Recent Access Permission Validation Vulnerability in CloudStack,"An access permission validation flaw in Apache CloudStack allows domain admin accounts to read the API and secret keys of all registered user accounts, including those of root admin accounts. The issue affects Apache CloudStack versions 4.10.0 through 4.19.1.0. An attacker leveraging this weakness can escalate privileges, potentially resulting in unauthorized access, data loss, denial of service and loss of integrity and confidentiality across the cloud-managed infrastructure. Users should upgrade immediately to version 4.18.2.3 or 4.19.1.1 and regenerate all existing API and secret keys.",Apache,Apache Cloudstack,7.2,HIGH,0.00252,false,,false,false,false,,,false,false,,2024-08-07T07:17:08.811Z,0
CVE-2024-42222,https://securityvulnerability.io/vulnerability/CVE-2024-42222,Unauthorized Access to Network Details in CloudStack 4.19.1.0,"In Apache CloudStack 4.19.1.0, a regression in the network listing API allows domain admin and normal user accounts to list network details they are not authorised to see. This breaks tenant isolation and can expose network details, configurations and data. Affected users are advised to upgrade to version 4.19.1.1. Users on older versions who are planning an upgrade can skip 4.19.1.0 and upgrade directly to 4.19.1.1.",Apache,Apache Cloudstack,4.3,MEDIUM,0.00086,false,,false,false,false,,,false,false,,2024-08-07T07:16:13.765Z,0
CVE-2024-41107,https://securityvulnerability.io/vulnerability/CVE-2024-41107,SAML Authentication Vulnerability in CloudStack Environments,"A vulnerability in the Apache CloudStack SAML authentication plugin allows an attacker to bypass SAML authentication and gain unauthorized access to user accounts and control over cloud resources. Affected users are advised to disable the SAML authentication plugin or upgrade to the patched versions 4.18.2.2 or 4.19.1.0. A working exploit has been developed, underlining the seriousness of the issue. Germany's BSI has issued a security advisory for Apache CloudStack recommending that users keep their systems up to date and install security updates as soon as they are available. The exploit is rated as posing a medium risk to affected systems and can lead to the bypassing of security measures.",Apache,Apache Cloudstack,8.1,HIGH,0.79693,false,,true,false,true,2024-07-24T16:34:18.000Z,,false,false,,2024-07-19T10:19:53.995Z,0
CVE-2024-38346,https://securityvulnerability.io/vulnerability/CVE-2024-38346,CloudStack Cluster Service Vulnerable to Command Injection Attacks,"The Apache CloudStack management server exposes an unauthenticated cluster service port (default 9090) that is affected by command injection. An attacker who can reach this port can execute arbitrary commands, leading to remote code execution on the management server and on CloudStack-managed hypervisor hosts and compromising the security and operation of the managed infrastructure. To mitigate the risk, restrict network access to the cluster service port and upgrade to version 4.18.2.1 or 4.19.0.2 or later.",Apache,Apache Cloudstack,9.8,CRITICAL,0.00227,false,,true,false,false,,,false,false,,2024-07-05T13:40:57.246Z,0
CVE-2024-39864,https://securityvulnerability.io/vulnerability/CVE-2024-39864,Unauthorized Access to CloudStack Management Network Could Lead to Compromise of Infrastructure,"The Apache CloudStack integration API service runs an unauthenticated API server. Setting integration.api.port to 0 is meant to disable the service, but due to an initialisation flaw it listens on a random port instead. An attacker with access to the management network can scan for that port and use the unauthenticated API to perform administrative actions, potentially including remote code execution on CloudStack-managed hosts, severely jeopardizing the confidentiality, integrity and availability of the entire managed infrastructure. Enforce network restrictions on the management network and upgrade to version 4.18.2.1 or 4.19.0.2 or later to mitigate this risk.",Apache,Apache Cloudstack,9.8,CRITICAL,0.00227,false,,true,false,false,,,false,false,,2024-07-05T13:40:37.937Z,0
CVE-2024-29008,https://securityvulnerability.io/vulnerability/CVE-2024-29008,Attacker can exploit feature to attach host devices and gain access to underlying infrastructure,"A problem has been identified in the CloudStack additional VM configuration (extraconfig) feature: anyone with the privilege to deploy a VM instance or to change the settings of an already deployed VM instance can apply additional VM configuration even when the feature has not been explicitly enabled by the administrator. In a KVM-based CloudStack environment, an attacker can exploit this to attach host devices (storage disks, and PCI and USB devices such as network adapters and GPUs) to a regular VM instance, and from there gain access to the underlying network and storage infrastructure and to any VM instance disks on local storage. Users are advised to upgrade to version 4.18.1.1 or 4.19.0.1, which fixes this issue.",Apache,Apache Cloudstack,,,0.00043,false,,false,false,false,,,false,false,,2024-04-04T08:15:00.000Z,0
CVE-2022-35741,https://securityvulnerability.io/vulnerability/CVE-2022-35741,Apache CloudStack SAML Single Sign-On XXE,"Apache CloudStack 4.5.0 and later ships a SAML 2.0 Service Provider authentication plugin that is vulnerable to XML external entity (XXE) injection. The plugin is not enabled by default, and an attacker can only exploit the issue where it has been enabled. The SAML 2.0 messages exchanged during the authentication flow are XML and are parsed by standard libraries that are now understood to be vulnerable to XXE, which can enable arbitrary file reading, denial of service and server-side request forgery (SSRF) on the CloudStack management server.",Apache,Apache Cloudstack,9.8,CRITICAL,0.00175,false,,false,false,false,,,false,false,,2022-07-18T14:30:14.000Z,0
CVE-2022-26779,https://securityvulnerability.io/vulnerability/CVE-2022-26779,Apache Cloudstack insecure random number generation affects project email invitation,"Apache CloudStack prior to 4.16.1.0 used insecure random number generation for project invitation tokens. When a project invite is created based only on an email address, a random token is generated. An attacker who knows the project ID and that an invite has been sent can generate the time-deterministic candidate tokens and brute-force them before the legitimate recipient accepts the invite. The feature is not enabled by default; the attacker must know or guess the project ID as well as the invitation token, and must already be an authorized CloudStack user.",Apache,Apache Cloudstack,7.5,HIGH,0.00227,false,,false,false,false,,,false,false,,2022-03-15T15:40:11.000Z,0
CVE-2019-17562,https://securityvulnerability.io/vulnerability/CVE-2019-17562,,"A command injection vulnerability (described in the original advisory as a buffer overflow) exists in the baremetal component of Apache CloudStack in all versions prior to 4.13.1. The baremetal virtual router does not validate the mac parameter, so a shell command inserted into it is executed by the v-router. For example: Normal: http://{GW}:10086/baremetal/provisiondone/{mac}, Abnormal: http://{GW}:10086/baremetal/provisiondone/#';whoami;#. Mitigation is to upgrade to Apache CloudStack 4.13.1.0 or later.",Apache,Apache Cloudstack,9.8,CRITICAL,0.00419,false,,false,false,false,,,false,false,,2020-05-14T16:14:55.000Z,0
CVE-2016-6813,https://securityvulnerability.io/vulnerability/CVE-2016-6813,,"Apache CloudStack 4.1 through 4.8.1.0 and 4.9.0.0 contain an API call designed to let a user register for the developer API. If a malicious user can determine the ID of another (non-""root"") CloudStack user, they may be able to reset that user's API keys and thereby access their account and resources.",Apache,Apache Cloudstack,9.8,CRITICAL,0.00297,false,,false,false,false,,,false,false,,2018-02-06T14:29:00.000Z,0
CVE-2013-4317,https://securityvulnerability.io/vulnerability/CVE-2013-4317,,"In Apache CloudStack 4.1.0 and 4.1.1, a regular, non-administrative user calling the listProjectAccounts API can see information for accounts other than their own.",Apache,Apache Cloudstack,4.3,MEDIUM,0.00047,false,,false,false,false,,,false,false,,2018-02-06T14:29:00.000Z,0
CVE-2016-3085,https://securityvulnerability.io/vulnerability/CVE-2016-3085,,"Apache CloudStack 4.5.x before 4.5.2.1, 4.6.x before 4.6.2.1, 4.7.x before 4.7.1.1, and 4.8.x before 4.8.0.1, when SAML-based authentication is enabled and used, allow remote attackers to bypass authentication and access the user interface via vectors related to the SAML plugin.",Apache,Cloudstack,6.5,MEDIUM,0.00061,false,,false,false,false,,,false,false,,2016-06-10T15:00:00.000Z,0
CVE-2015-3251,https://securityvulnerability.io/vulnerability/CVE-2015-3251,,Apache CloudStack before 4.5.2 might allow remote authenticated administrators to obtain sensitive password information for root accounts of virtual machines via unspecified vectors related to API calls.,Apache,Cloudstack,4.9,MEDIUM,0.0017,false,,false,false,false,,,false,false,,2016-02-08T19:00:00.000Z,0
CVE-2015-3252,https://securityvulnerability.io/vulnerability/CVE-2015-3252,,"Apache CloudStack before 4.5.2 does not properly preserve VNC passwords when migrating KVM virtual machines, which allows remote attackers to gain access by connecting to the VNC server.",Apache,Cloudstack,9.8,CRITICAL,0.01234,false,,false,false,false,,,false,false,,2016-02-08T19:00:00.000Z,0
CVE-2014-9593,https://securityvulnerability.io/vulnerability/CVE-2014-9593,,Apache CloudStack before 4.3.2 and 4.4.x before 4.4.2 allows remote attackers to obtain private keys via a listSslCerts API call.,Apache,Cloudstack,,,0.00316,false,,false,false,false,,,false,false,,2015-01-15T15:59:00.000Z,0
CVE-2014-7807,https://securityvulnerability.io/vulnerability/CVE-2014-7807,,"Apache CloudStack 4.3.x before 4.3.2 and 4.4.x before 4.4.2 allows remote attackers to bypass authentication via a login request without a password, which triggers an unauthenticated LDAP bind.",Apache,Cloudstack,,,0.00118,false,,false,false,false,,,false,false,,2014-12-10T15:00:00.000Z,0
CVE-2013-2758,https://securityvulnerability.io/vulnerability/CVE-2013-2758,,"Apache CloudStack 4.0.0 before 4.0.2 and Citrix CloudPlatform (formerly Citrix CloudStack) 3.0.x before 3.0.6 Patch C use a hash of a predictable sequence, which makes it easier for remote attackers to guess the console access URL via a brute-force attack.",Apache,"Cloudstack,Cloudplatform",,,0.00312,false,,false,false,false,,,false,false,,2014-05-23T14:00:00.000Z,0
CVE-2013-2756,https://securityvulnerability.io/vulnerability/CVE-2013-2756,,Apache CloudStack 4.0.0 before 4.0.2 and Citrix CloudPlatform (formerly Citrix CloudStack) 3.0.x before 3.0.6 Patch C allow remote attackers to bypass the console proxy authentication by leveraging knowledge of the source code.,Apache,"Cloudstack,Cloudplatform",,,0.00263,false,,false,false,false,,,false,false,,2014-05-23T14:00:00.000Z,0
CVE-2013-6398,https://securityvulnerability.io/vulnerability/CVE-2013-6398,,"The virtual router in Apache CloudStack before 4.2.1 does not preserve the source restrictions in firewall rules after being restarted, which allows remote attackers to bypass intended restrictions via a request.",Apache,Cloudstack,,,0.0022,false,,false,false,false,,,false,false,,2014-01-15T16:08:00.000Z,0
CVE-2014-0031,https://securityvulnerability.io/vulnerability/CVE-2014-0031,,The (1) ListNetworkACL and (2) listNetworkACLLists APIs in Apache CloudStack before 4.2.1 allow remote authenticated users to list network ACLs for other users via a crafted request.,Apache,Cloudstack,,,0.00255,false,,false,false,false,,,false,false,,2014-01-15T16:08:00.000Z,0
CVE-2013-2136,https://securityvulnerability.io/vulnerability/CVE-2013-2136,,"Multiple cross-site scripting (XSS) vulnerabilities in Apache CloudStack before 4.1.1 allow remote attackers to inject arbitrary web script or HTML via the (1) Physical network name in the Zone wizard; (2) New network name, (3) instance name, or (4) group in the Instance wizard; (5) unspecified ""multi-edit fields;"" and (6) unspecified ""list view"" edit fields related to global settings.",Apache,Cloudstack,,,0.00281,false,,false,false,false,,,false,false,,2013-08-19T23:55:00.000Z,0
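The token brute-force described for CVE-2022-26779 in the table above, as an added Python example that is not CloudStack's code: a hypothetical invite store whose token factory is either a non-cryptographic PRNG seeded with the send time (the weak pattern) or the OS CSPRNG via secrets.token_hex (the fix). The attacker model follows the advisory: an existing user who knows the project ID and roughly when the invite was sent regenerates the time-derived candidate tokens over a window and tries to accept the invite before the real recipient does. The names Invite, InviteStore, weak_token, strong_token and brute_force_accept, and the constructed timestamps, are assumptions for illustration.

```python
import hmac
import random
import secrets
from dataclasses import dataclass
from typing import Callable, Dict, Optional


@dataclass
class Invite:
    project_id: str
    token: str
    accepted_by: Optional[str] = None


class InviteStore:
    """Hypothetical server-side store for project invites (not CloudStack's code)."""

    def __init__(self, token_factory: Callable[[int], str]) -> None:
        self._token_factory = token_factory
        self._invites: Dict[str, Invite] = {}

    def create(self, project_id: str, sent_at: int) -> Invite:
        invite = Invite(project_id, self._token_factory(sent_at))
        self._invites[project_id] = invite
        return invite

    def accept(self, project_id: str, token: str, who: str) -> bool:
        """Accept an invite at most once; constant-time compare so timing does not leak the token."""
        invite = self._invites.get(project_id)
        if invite is None or invite.accepted_by is not None:
            return False
        if not hmac.compare_digest(invite.token, token):
            return False
        invite.accepted_by = who
        return True


def weak_token(sent_at: int) -> str:
    """Weak pattern: a non-cryptographic PRNG seeded with the send time.
    Anyone who knows roughly when the invite went out can recompute the
    token. This stands in for the flaw described in CVE-2022-26779."""
    return f"{random.Random(sent_at).getrandbits(64):016x}"


def strong_token(_sent_at: int) -> str:
    """Fixed pattern: 64 bits from the OS CSPRNG, independent of the time."""
    return secrets.token_hex(8)


def brute_force_accept(store: InviteStore, project_id: str, guessed_sent_at: int,
                       window: int = 300, attacker: str = "mallory") -> Optional[int]:
    """Attacker from the advisory: knows the project ID and that an invite was
    sent around guessed_sent_at, and replays every time-derived candidate token
    within +/- window seconds. Returns the attempts needed, or None on failure."""
    attempts = 0
    for seed in range(guessed_sent_at - window, guessed_sent_at + window + 1):
        attempts += 1
        if store.accept(project_id, weak_token(seed), attacker):
            return attempts
    return None


if __name__ == "__main__":
    sent_at = 1_700_000_000   # constructed: when the legitimate invite was sent
    guess = sent_at + 120     # the attacker's estimate is two minutes off

    weak = InviteStore(weak_token)
    weak.create("proj-1", sent_at)
    print("weak token hijacked after", brute_force_accept(weak, "proj-1", guess), "attempts")

    strong = InviteStore(strong_token)
    real = strong.create("proj-1", sent_at)
    print("strong token hijacked:", brute_force_accept(strong, "proj-1", guess))
    print("legitimate accept:", strong.accept("proj-1", real.token, "alice"))
```

With the weak factory the attacker needs only a few hundred API calls, well within what an authorised user can send before an e-mail recipient reacts; with the CSPRNG factory the same window of guesses finds nothing, and the legitimate recipient still accepts normally. Rate-limiting accept attempts per project would be a second layer, but the root fix is the token source.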
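The mac-parameter injection from CVE-2019-17562 in the table above, as an added Python example that is not CloudStack's code: a handler for the /baremetal/provisiondone/{mac} path that splices the path segment straight into a shell command string (the vulnerable shape the advisory describes) beside a hardened form that allow-lists the segment as a MAC address and passes it as its own argv element so no shell ever parses it. The script path /usr/local/bin/provision_done.sh and the function names are assumptions.

```python
import re
from typing import List, Optional

# Route shape from the advisory: http://{GW}:10086/baremetal/provisiondone/{mac}
PATH_PREFIX = "/baremetal/provisiondone/"

# Strict allow-list for the only thing that belongs in this segment: a MAC address.
MAC_RE = re.compile(r"[0-9A-Fa-f]{2}(?::[0-9A-Fa-f]{2}){5}")


def mac_from_path(path: str) -> Optional[str]:
    """Return the normalised MAC if the request path is well-formed, else None."""
    if not path.startswith(PATH_PREFIX):
        return None
    segment = path[len(PATH_PREFIX):]
    if not MAC_RE.fullmatch(segment):
        return None
    return segment.lower()


def vulnerable_command(path: str) -> str:
    """Mirrors the flaw: whatever follows the prefix is spliced into a shell string.
    The advisory's abnormal URL turns the single argument into '#', a second
    command (whoami) and a trailing comment. Hypothetical script name."""
    segment = path[len(PATH_PREFIX):]
    return f"/usr/local/bin/provision_done.sh '{segment}'"


def safe_argv(path: str) -> List[str]:
    """Hardened form: validate first, then hand the MAC to subprocess as a
    separate argv element (no shell=True, no string interpolation)."""
    mac = mac_from_path(path)
    if mac is None:
        raise ValueError(f"rejected provisiondone request: {path!r}")
    return ["/usr/local/bin/provision_done.sh", mac]


if __name__ == "__main__":
    normal = PATH_PREFIX + "52:54:00:AB:CD:EF"          # constructed benign request
    abnormal = PATH_PREFIX + "#';whoami;#"              # payload quoted in the advisory
    print("vulnerable:", vulnerable_command(abnormal))
    print("safe argv:", safe_argv(normal))
    try:
        safe_argv(abnormal)
    except ValueError as exc:
        print("rejected:", exc)
```

If the framework URL-decodes the path before dispatch, run the check on the decoded value; the allow-list is what matters, and because the MAC is never interpolated into a shell string, quoting tricks against the shell have nothing to act on.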