6 matches found
CVE-2022-26779
Apache CloudStack prior to 4.16.1.0 used insecure random number generation for project invitation tokens. If a project invite is created based only on an email address, a random token is generated. An attacker with knowledge of the project ID and the fact that the invite is sent, could generate...
CVE-2022-26779
creationtimestamp| type| source ---|---|--- 2022-03-15 19:19:47+00:00| seen| https://t.me/cibsecurity/38952...
CVE-2022-26779
Apache CloudStack prior to 4.16.1.0 used insecure random number generation for project invitation tokens. If a project invite is created based only on an email address, a random token is generated. An attacker with knowledge of the project ID and the fact that the invite is sent, could generate...
CVE-2022-26779 Apache Cloudstack insecure random number generation affects project email invitation
Apache CloudStack prior to 4.16.1.0 used insecure random number generation for project invitation tokens. If a project invite is created based only on an email address, a random token is generated. An attacker with knowledge of the project ID and the fact that the invite is sent, could generate...
CVE-2022-26779 Apache Cloudstack insecure random number generation affects project email invitation
Apache CloudStack prior to 4.16.1.0 used insecure random number generation for project invitation tokens. If a project invite is created based only on an email address, a random token is generated. An attacker with knowledge of the project ID and the fact that the invite is sent, could generate...
CVE-2022-26779
CVE-2022-26779 (Apache CloudStack) affects CloudStack versions prior to 4.16.1.0, where project invitation tokens were generated with insecure randomness when an invite is created based on an email address. The root cause is the insecure RNG, enabling an attacker who knows the project ID and that...