4 matches found
CVE-2024-50386 Apache CloudStack: Directly downloaded templates can be used to abuse KVM-based infrastructure
Account users in Apache CloudStack by default are allowed to register templates to be downloaded directly to the primary storage for deploying instances. Due to missing validation checks for KVM-compatible templates in CloudStack 4.0.0 through 4.18.2.4 and 4.19.0.0 through 4.19.1.2, an attacker...
CVE-2024-50386 Apache CloudStack: Directly downloaded templates can be used to abuse KVM-based infrastructure
Account users in Apache CloudStack by default are allowed to register templates to be downloaded directly to the primary storage for deploying instances. Due to missing validation checks for KVM-compatible templates in CloudStack 4.0.0 through 4.18.2.4 and 4.19.0.0 through 4.19.1.2, an attacker...
CVE-2024-45219 Apache CloudStack: Uploaded and registered templates and volumes can be used to abuse KVM-based infrastructure
Account users in Apache CloudStack by default are allowed to upload and register templates for deploying instances and volumes for attaching them as data disks to their existing instances. Due to missing validation checks for KVM-compatible templates or volumes in CloudStack 4.0.0 through 4.18.2....
CVE-2024-45219 Apache CloudStack: Uploaded and registered templates and volumes can be used to abuse KVM-based infrastructure
Account users in Apache CloudStack by default are allowed to upload and register templates for deploying instances and volumes for attaching them as data disks to their existing instances. Due to missing validation checks for KVM-compatible templates or volumes in CloudStack 4.0.0 through 4.18.2....