4 matches found
CVE-2025-22828
CloudStack users can add and read comments annotations on resources they are authorised to access. Due to an access validation issue that affects Apache CloudStack versions from 4.16.0, users who have access, prior access or knowledge of resource UUIDs can list and add comments annotations to suc...
CVE-2025-22828
CVE-2025-22828 affects Apache CloudStack 4.16.0 and later. An access validation issue lets users with access or prior knowledge of resource UUIDs list or add comments (annotations) on resources they are authorized to access, potentially reading or injecting comments that could disclose privileged...
CVE-2025-22828 Apache CloudStack: Unauthorised access to annotations
CloudStack users can add and read comments annotations on resources they are authorised to access. Due to an access validation issue that affects Apache CloudStack versions from 4.16.0, users who have access, prior access or knowledge of resource UUIDs can list and add comments annotations to suc...
CVE-2025-22828 Apache CloudStack: Unauthorised access to annotations
CloudStack users can add and read comments annotations on resources they are authorised to access. Due to an access validation issue that affects Apache CloudStack versions from 4.16.0, users who have access, prior access or knowledge of resource UUIDs can list and add comments annotations to suc...