Lucene search
K

215 matches found

Vulnrichment
Vulnrichment
added 2024/10/16 7:52 a.m.16 views

CVE-2024-45693 Apache CloudStack: Request origin validation bypass makes account takeover possible

Users logged into the Apache CloudStack's web interface can be tricked to submit malicious CSRF requests due to missing validation of the origin of the requests. This can allow an attacker to gain privileges and access to resources of the authenticated users and may lead to account...

8CVSS7.2AI score0.00497EPSS
Exploits0References2
CVE
CVE
added 2024/10/16 7:52 a.m.66 views

CVE-2024-45693

The CVE-2024-45693 issue affects Apache CloudStack where missing validation of the origin of requests enables Cross-Site Request Forgery in the web interface. This could allow an attacker to impersonate an authenticated user and gain privileges, potentially leading to account takeover and exposur...

8.8CVSS8.1AI score0.00497EPSS
Exploits0References3Affected Software1
CNNVD
CNNVD
added 2024/10/16 12:0 a.m.2 views

Apache CloudStack 跨站请求伪造漏洞

Apache CloudStack is a suite of Infrastructure as a Service IaaS cloud computing platforms from the Apache Foundation in the United States. The platform is primarily used to deploy and manage large networks of virtual machines. Apache CloudStack suffers from a cross-site request forgery...

8.8CVSS7AI score0.00497EPSS
Exploits0References4
Positive Technologies
Positive Technologies
added 2024/10/15 12:0 a.m.3 views

PT-2024-31486 · Apache · Apache Cloudstack

Name of the Vulnerable Software and Affected Versions: Apache CloudStack versions 4.0.0 through 4.18.2.3 Apache CloudStack versions 4.19.0.0 through 4.19.1.1 Description: The issue arises due to missing validation checks for KVM-compatible templates or volumes in Apache CloudStack, allowing an...

8.5CVSS8.3AI score0.01229EPSS
Exploits0References22
CNVD
CNVD
added 2024/08/08 12:0 a.m.7 views

Apache CloudStack Information Disclosure Vulnerability (CNVD-2024-35665)

Apache CloudStack is a suite of Infrastructure as a Service IaaS cloud computing platforms from the Apache Foundation in the United States. The platform is primarily used to deploy and manage large networks of virtual machines. An information disclosure vulnerability exists in Apache CloudStack...

4.3CVSS6.3AI score0.00972EPSS
Exploits1References1
NVD
NVD
added 2024/08/07 8:16 a.m.32 views

CVE-2024-42222

In Apache CloudStack 4.19.1.0, a regression in the network listing API allows unauthorised list access of network details for domain admin and normal user accounts. This vulnerability compromises tenant isolation, potentially leading to unauthorised access to network details, configurations and...

4.3CVSS0.00972EPSS
Exploits1References5
OSV
OSV
added 2024/08/07 7:17 a.m.11 views

CVE-2024-42062 Apache CloudStack: User Key Exposure to Domain Admins

CloudStack account-users by default use username and password based authentication for API and UI access. Account-users can generate and register randomised API and secret keys and use them for the purpose of API-based automation and integrations. Due to an access permission validation issue that...

7.2CVSS5.8AI score0.00946EPSS
Exploits0References6
CVE
CVE
added 2024/08/07 7:17 a.m.81 views

CVE-2024-42062

CVE-2024-42062 (Apache CloudStack) : A permission validation flaw in CloudStack 4.10.0–4.19.1.0 lets domain-admins query all account-user API/secret keys, including those of root admins. An attacker with domain-admin access can leverage this to gain root-admin and other privileges, potentially co...

7.2CVSS7.8AI score0.00946EPSS
Exploits0References4Affected Software1
Cvelist
Cvelist
added 2024/08/07 7:17 a.m.40 views

CVE-2024-42062 Apache CloudStack: User Key Exposure to Domain Admins

CloudStack account-users by default use username and password based authentication for API and UI access. Account-users can generate and register randomised API and secret keys and use them for the purpose of API-based automation and integrations. Due to an access permission validation issue that...

0.00946EPSS
Exploits0References3
OSV
OSV
added 2024/08/07 7:16 a.m.13 views

CVE-2024-42222 Apache CloudStack: Unauthorised Network List Access

In Apache CloudStack 4.19.1.0, a regression in the network listing API allows unauthorised list access of network details for domain admin and normal user accounts. This vulnerability compromises tenant isolation, potentially leading to unauthorised access to network details, configurations and...

4.3CVSS7AI score0.00972EPSS
Exploits1References7
Vulnrichment
Vulnrichment
added 2024/08/07 7:16 a.m.23 views

CVE-2024-42222 Apache CloudStack: Unauthorised Network List Access

In Apache CloudStack 4.19.1.0, a regression in the network listing API allows unauthorised list access of network details for domain admin and normal user accounts. This vulnerability compromises tenant isolation, potentially leading to unauthorised access to network details, configurations and...

6.8AI score0.00972EPSS
Exploits1References4
CVE
CVE
added 2024/08/07 7:16 a.m.80 views

CVE-2024-42222

CVE-2024-42222 affects Apache CloudStack 4.19.1.0, where a regression in the network listing API allows unauthorised listing of network details for domain admins and normal users, compromising tenant isolation and potentially exposing network configurations and data. The issue has been fixed in C...

4.3CVSS7AI score0.00972EPSS
Exploits1References5Affected Software1
Cvelist
Cvelist
added 2024/08/07 7:16 a.m.32 views

CVE-2024-42222 Apache CloudStack: Unauthorised Network List Access

In Apache CloudStack 4.19.1.0, a regression in the network listing API allows unauthorised list access of network details for domain admin and normal user accounts. This vulnerability compromises tenant isolation, potentially leading to unauthorised access to network details, configurations and...

0.00972EPSS
Exploits1References4
GithubExploit
GithubExploit
added 2024/07/23 9:39 a.m.677 views

Exploit for Authentication Bypass by Spoofing in Apache Cloudstack

🇮🇱 BringThemHome NeverAgainIsNow 🇮🇱 We demand the...

8.1CVSS8.4AI score0.1776EPSS
Exploits1
CNVD
CNVD
added 2024/07/23 12:0 a.m.12 views

Apache CloudStack Security Bypass Vulnerability (CNVD-2024-33812)

Apache CloudStack is a suite of Infrastructure as a Service IaaS cloud computing platforms from the Apache Foundation in the United States. The platform is primarily used to deploy and manage large networks of virtual machines. A security bypass vulnerability exists in Apache CloudStack that stem...

8.1CVSS6.9AI score0.1776EPSS
Exploits1References1
BDU FSTEC
BDU FSTEC
added 2024/07/22 12:0 a.m.5 views

The vulnerability of the Single Sign-On module for application-based SAML protocols in the Apache CloudStack software, which is used for creating, managing, and deploying infrastructure cloud services, allows a perpetrator to bypass authentication processes and gain full access to any user’s account.

The vulnerability of the Single Sign-On module for application-based SAML programs involved in creating, managing, and deploying infrastructure cloud services like Apache CloudStack relates to the bypassing of authentication processes through spoofing. Exploiting this vulnerability allows a...

10CVSS5.5AI score0.1776EPSS
Exploits1References9Affected Software1
CVE
CVE
added 2024/07/19 10:19 a.m.105 views

CVE-2024-41107

CVE-2024-41107 — Apache CloudStack: SAML Signature Exclusion Root cause: CloudStack’s SAML authentication can bypass signature checks when SAML is enabled, allowing spoofed, unsigned SAML responses to authenticate as a legitimate SAML-enabled user. Impact: In affected environments, an attacker ca...

8.1CVSS8.1AI score0.1776EPSS
Exploits1References6Affected Software1
Vulnrichment
Vulnrichment
added 2024/07/19 10:19 a.m.16 views

CVE-2024-41107 Apache CloudStack: SAML Signature Exclusion

The CloudStack SAML authentication disabled by default does not enforce signature check. In CloudStack environments where SAML authentication is enabled, an attacker that initiates CloudStack SAML single sign-on authentication can bypass SAML authentication by submitting a spoofed SAML response...

8.1AI score0.1776EPSS
Exploits1References6
Positive Technologies
Positive Technologies
added 2024/07/19 12:0 a.m.7 views

PT-2024-5029 · Apache · Apache Cloudstack

Name of the Vulnerable Software and Affected Versions: Apache CloudStack versions 4.5.0 through 4.18.2.1 Apache CloudStack versions 4.19.0.0 through 4.19.0.2 Description: The issue is related to the SAML authentication mechanism in Apache CloudStack, which does not enforce signature checks when...

10CVSS7.4AI score0.1776EPSS
Exploits1References19
CNVD
CNVD
added 2024/07/09 12:0 a.m.8 views

Apache CloudStack Code Injection Vulnerability

Apache CloudStack is a suite of Infrastructure as a Service IaaS cloud computing platforms from the Apache Foundation in the United States. The platform is primarily used to deploy and manage large networks of virtual machines. Apache CloudStack suffers from a code injection vulnerability that...

9.8CVSS8.3AI score0.03301EPSS
Exploits0References1
Rows per page
Query Builder