Code injection

2015-01-1515:59:00

PRIOn knowledge base

www.prio-n.com

7.1 High

AI Score

Confidence

Low

0.002 Low

EPSS

Percentile

61.1%

Apache CloudStack before 4.3.2 and 4.4.x before 4.4.2 allows remote attackers to obtain private keys via a listSslCerts API call.

CPENameOperatorVersion
cloudstackeq4.4.1
cloudstackle4.3.1
cloudstackeq4.4.0

Name	Operator	Version
cloudstack	eq	4.4.1
cloudstack	le	4.3.1
cloudstack	eq	4.4.0

References

docs.cloudstack.apache.org/projects/cloudstack-release-notes/en/4.3.2/about.html

docs.cloudstack.apache.org/projects/cloudstack-release-notes/en/4.4.2/fixed_issues.html

secunia.com/advisories/62216

issues.apache.org/jira/browse/CLOUDSTACK-7952