5 matches found
EUVD-2025-209740
The CloudStack Backup plugin has an improper authorization logic in versions 4.21.0.0 and 4.22.0.0. Anyone with authenticated user-account access in CloudStack 4.21.0.0+ environments, where this plugin is enabled and has access to specific APIs can list backups from any account in the environment...
CVE-2025-66172
The CloudStack Backup plugin has an improper access logic in versions 4.21.0.0 and 4.22.0.0. Anyone with authenticated user-account access in CloudStack 4.21.0.0+ environments, where this plugin is enabled and have access to specific APIs can restore a volume from any other user's backups and...
CVE-2026-25199
The CVE describes a vulnerability in the Proxmox extension for Apache CloudStack (affecting 4.21.0.0–4.22.0.0) where the user-editable proxmox_vmid setting is not validated against tenant ownership. An unauthenticated attacker can modify proxmox_vmid to reference a VM owned by another account, gr...
PT-2026-38913
Name of the Vulnerable Software and Affected Versions CloudStack Backup plugin versions 4.21.0.0 through 4.22.0.0 Description The CloudStack Backup plugin contains improper authorization logic. Authenticated users in environments where this plugin is enabled can list backups from any account in t...
CVE-2024-37758
Improper access control in the endpoint /RoleMenuMapping/AddRoleMenu of Digiteam v4.21.0.0 allows authenticated attackers to escalate privileges...