389 matches found
CVE-2024-38346
The CloudStack cluster service runs on an unauthenticated port (default 9090) that can be misused to run arbitrary commands on targeted hypervisors and CloudStack management server hosts. Some of these commands were found to have command injection vulnerabilities that can result in arbitrary code...
CVE-2024-38346
CVE-2024-38346 affects Apache CloudStack’s cluster service that runs on an unauthenticated port (default 9090). The provided documents describe a code-injection vulnerability enabling remote code execution on targeted hypervisors and CloudStack management server hosts, potentially leading to comp...
CVE-2024-38346 Apache CloudStack: Unauthenticated cluster service port leads to remote execution
The CloudStack cluster service runs on an unauthenticated port (default 9090) that can be misused to run arbitrary commands on targeted hypervisors and CloudStack management server hosts. Some of these commands were found to have command injection vulnerabilities that can result in arbitrary code...
CVE-2024-39864
The CVE-2024-39864 issue affects Apache CloudStack's Integration API service. When integration.api.port is set to 0 (default), an improper initialisation causes the unauthenticated integration API server to listen on a random port. An attacker with access to the CloudStack management network coul...
CVE-2024-39864 Apache CloudStack: Integration API service uses dynamic port when disabled
The CloudStack integration API service allows running its unauthenticated API server, usually on port 8096 when configured and enabled via the integration.api.port global setting, for internal portal integrations and for testing purposes. By default, the integration API service port is disabled and is...
Apache CloudStack Code Injection Vulnerability
Apache CloudStack is a suite of Infrastructure as a Service (IaaS) cloud computing platforms from the Apache Foundation in the United States. The platform is primarily used to deploy and manage large networks of virtual machines. Apache CloudStack suffers from a code injection vulnerability that...
Apache CloudStack Security Vulnerability
Apache CloudStack is a suite of Infrastructure-as-a-Service (IaaS) cloud computing platforms from the Apache USA Foundation. The platform is primarily used to deploy and manage large networks of virtual machines. Apache CloudStack suffers from a security vulnerability that stems from improper...
PT-2024-28703 · Apache · Cloudstack
Name of the Vulnerable Software and Affected Versions: CloudStack versions prior to 4.18.2.1; CloudStack versions prior to 4.19.0.2. Description: The CloudStack integration API service allows running its unauthenticated API server for internal portal integrations and testing purposes. Due to improp...
PT-2024-27949 · Apache · Apache Cloudstack
Name of the Vulnerable Software and Affected Versions: Apache CloudStack versions prior to 4.18.2.1; Apache CloudStack versions prior to 4.19.0.2. Description: The CloudStack cluster service runs on an unauthenticated port (default 9090) that can be misused to run arbitrary commands on targeted...
Apache CloudStack Security Bypass Vulnerability
Apache CloudStack is a suite of Infrastructure as a Service (IaaS) cloud computing platforms from the Apache Foundation in the United States. The platform is primarily used to deploy and manage large networks of virtual machines. Apache CloudStack suffers from a security bypass vulnerability that...
Apache CloudStack Input Validation Error Vulnerability (CNVD-2024-20836)
Apache CloudStack is a suite of Infrastructure as a Service (IaaS) cloud computing platforms from the Apache Foundation in the United States. The platform is primarily used to deploy and manage large networks of virtual machines. Apache CloudStack suffers from an input validation error vulnerabilit...
Apache CloudStack Security Bypass Vulnerability (CNVD-2024-20837)
Apache CloudStack is a suite of Infrastructure as a Service (IaaS) cloud computing platforms from the Apache Foundation in the United States. The platform is primarily used to deploy and manage large networks of virtual machines. Apache CloudStack suffers from a security bypass vulnerability that...
CVE-2024-29008
A problem has been identified in the CloudStack additional VM configuration (extraconfig) feature, which can be misused by anyone who has the privilege to deploy a VM instance or configure settings of an already deployed VM instance, to configure additional VM configuration even when the feature is not...
CVE-2024-29006
By default the CloudStack management server honours the x-forwarded-for HTTP header and logs it as the source IP of an API request. This could lead to authentication bypass and other operational problems should an attacker decide to spoof their IP address this way. Users are recommended to upgrad...
CVE-2024-29007
The CloudStack management server and secondary storage VM could be tricked into making requests to restricted or random resources by means of following 301 HTTP redirects presented by external servers when downloading templates or ISOs. Users are recommended to upgrade to version 4.18.1.1 or...