45 matches found
CVE-2022-26779
CVE-2022-26779 (Apache CloudStack) affects CloudStack versions prior to 4.16.1.0, where project invitation tokens were generated with insecure randomness when an invite is created based on an email address. The root cause is the insecure RNG, enabling an attacker who knows the project ID and that...
CVE-2025-22828
CVE-2025-22828 affects Apache CloudStack 4.16.0 and later. An access validation issue lets users with access or prior knowledge of resource UUIDs list or add comments (annotations) on resources they are authorized to access, potentially reading or injecting comments that could disclose privileged...
CVE-2024-39864
The CVE-2024-39864 issue affects Apache CloudStack's Integration API service. When integration.api.port is set to 0 (default), an improper initialisation causes the unauthenticated integration API server to listen on a random port. An attacker with access to the CloudStack management network coul...
CVE-2024-41107
CVE-2024-41107 — Apache CloudStack: SAML Signature Exclusion Root cause: CloudStack’s SAML authentication can bypass signature checks when SAML is enabled, allowing spoofed, unsigned SAML responses to authenticate as a legitimate SAML-enabled user. Impact: In affected environments, an attacker ca...
CVE-2024-29006
The CVE-2024-29006 issue affects the CloudStack management server, where the system by default accepts and logs the x-forwarded-for header as the source IP for API requests. This misconfiguration can enable authentication bypass and other operational problems if an attacker spoofs their IP. Publi...
CVE-2025-47849
CVE-2025-47849 (Apache CloudStack) : Privilege escalation affects CloudStack versions 4.10.0.0 through 4.20.0.0. A malicious Domain Admin in the ROOT domain can obtain the API key and secret key of Admin-role accounts in the same domain, enabling impersonation and access to sensitive APIs and res...
CVE-2024-42062
CVE-2024-42062 (Apache CloudStack) : A permission validation flaw in CloudStack 4.10.0–4.19.1.0 lets domain-admins query all account-user API/secret keys, including those of root admins. An attacker with domain-admin access can leverage this to gain root-admin and other privileges, potentially co...
CVE-2024-42222
CVE-2024-42222 affects Apache CloudStack 4.19.1.0, where a regression in the network listing API allows unauthorised listing of network details for domain admins and normal users, compromising tenant isolation and potentially exposing network configurations and data. The issue has been fixed in C...
CVE-2025-47713
Apache CloudStack
CVE-2022-35741
The CVE-2022-35741 issue affects Apache CloudStack 4.5.0 and later, specifically the SAML 2.0 authentication Service Provider plugin. The vulnerability is XML External Entity (XXE) injection in the XML-based SAML messages parsed during authentication. Attacker must have the plugin enabled (not en...
CVE-2025-26521
CVE-2025-26521 describes an information-disclosure flaw in Apache CloudStack where a project member can access the kubeadmin API key and secret for the creator’s CKS-based Kubernetes cluster, enabling impersonation and possible full compromise of the creator’s resources. Affected versions are pri...
CVE-2024-38346
CVE-2024-38346 affects Apache CloudStack’s cluster service that runs on an unauthenticated port (default 9090). The provided documents describe a code-injection vulnerability enabling remote code execution on targeted hypervisors and CloudStack management server hosts, potentially leading to comp...
CVE-2024-29007
The CVE-2024-29007 issue affects Apache CloudStack: when downloading templates or ISOs, the CloudStack management server and the secondary storage VM can follow HTTP 301 redirects to external resources, potentially enabling access to restricted or random resources. Affected components are the Clo...
CVE-2024-29008
CVE-2024-29008 concerns Apache CloudStack’s extraconfig (additional VM configuration) feature. In KVM environments, incorrect access control allows users who can deploy or modify VMs to configure extra VM settings even when the feature is disabled, enabling attachment of host devices (storage dis...
CVE-2024-50386
CVE-2024-50386 affects Apache CloudStack where by default, derived KVM-compatible templates can be registered for download to primary storage. The root cause is missing validation checks for KVM templates in CloudStack versions 4.0.0–4.18.2.4 and 4.19.0–4.19.1.2. An attacker able to register temp...
CVE-2024-45219
Apache CloudStack CVE-2024-45219 concerns a KVM-related vulnerability where default user uploads/registrations of templates and volumes can bypass validation for KVM-compatible disks. The issue spans CloudStack versions 4.0.0–4.18.2.3 and 4.19.0.0–4.19.1.1, allowing an attacker who can upload or ...
CVE-2025-30675
CVE-2025-30675 in Apache CloudStack affects the listTemplates and listIsos APIs due to a flawed access-control check when domainid is specified with filters self or selfexecutable. The issue allows a Domain Admin or Resource Admin to enumerate templates/ISOs in unrelated domains, breaching isolat...
CVE-2016-6813
CVE-2016-6813 affects Apache CloudStack 4.1–4.8.1.0 and 4.9.0.0. The issue is an API call that lets a user register for the developer API, and if the attacker can determine another non-root user’s CloudStack ID, they may reset that user’s API keys and gain access to their account and resources. T...
CVE-2013-2758
CVE-2013-2758 affects Apache CloudStack 4.0.0–4.0.1 and Citrix CloudPlatform 3.0.x prior to 3.0.6 Patch C, which use a hash of a predictable sequence. This enables remote attackers to guess the console access URL via brute force. Remediation: upgrade to Apache CloudStack 4.0.2 or later, and Citri...
CVE-2013-2756
The CVE-2013-2756 issue affects Apache CloudStack 4.0.0–4.0.1 (and Citrix CloudPlatform 3.0.x up to 3.0.5) where Patch C for the respective lines allows remote attackers to bypass the console proxy authentication by leveraging knowledge of the source code. The root cause is an authentication bypa...
CVE-2024-45462
The CVE describes an incomplete session invalidation in Apache CloudStack that allows a user with browser access to reuse an unexpired session after logout. Affected versions: 4.15.1.0–4.18.2.3 and 4.19.0.0–4.19.1.1. Mitigation per connected documents: upgrade to 4.18.2.4 or 4.19.1.2 (or later) d...
CVE-2024-45693
The CVE-2024-45693 issue affects Apache CloudStack where missing validation of the origin of requests enables Cross-Site Request Forgery in the web interface. This could allow an attacker to impersonate an authenticated user and gain privileges, potentially leading to account takeover and exposur...
CVE-2012-5616
CVE-2012-5616 affects Apache CloudStack 4.0.0-incubating and Citrix CloudPlatform prior to 3.0.6, where sensitive data is logged in log4j.conf. This enables local users to obtain (1) SSH private keys from createSSHKeyPair, (2) host passwords from AddHost, and (3)/(4) VM passwords from DeployVM or...
CVE-2013-2136
Apache CloudStack UI contains multiple cross-site scripting (XSS) vulnerabilities in versions up to 4.1.0, allowing authenticated/remote attackers to inject arbitrary script or HTML via fields in Zone, Network, Instance, global settings, and other UI inputs. The issue is fixed by upgrading to Clo...
CVE-2024-45461
CVE-2024-45461 affects Apache CloudStack where the Quota feature is enabled. The issue is due to missing access-check enforcements, allowing non-administrative users to access and modify quota-related configurations and data. Affected ranges include 4.7.0–4.18.2.3 and 4.19.0.0–4.19.1.1 when the Q...
CVE-2014-0031
Apache CloudStack (vulnerable: before 4.2.1) exposes an information disclosure via the ListNetworkACL and listNetworkACLLists APIs. The issue, caused by how crafted requests allow remote authenticated users to list network ACLs for other users, can reveal ACLs not owned by the attacker. Impact is...
CVE-2013-4317
CVE-2013-4317 describes an information-disclosure vulnerability in Apache CloudStack versions 4.1.0 and 4.1.1 . When a regular, non-administrative user calls the CloudStack API operation listProjectAccounts , the user can view information for accounts other than their own. The connected Red Hat a...
CVE-2019-17562
Apache CloudStack baremetal component contains a buffer overflow (affecting all versions prior to 4.13.1) caused by inadequate validation of the mac parameter in baremetal virtual router. An attacker can inject shell commands via the mac field (example: /baremetal/provisiondone/{mac} with special...
CVE-2025-22829
Affected software: Apache CloudStack with the Quota plugin (version 4.20.0.0). Issue: Improper privilege management logic lets an authenticated user with access to specific APIs enable/disable quota‑related emails and list quota configurations for any account in environments where the plugin is e...
CVE-2012-4501
Summary of CVE-2012-4501 (CloudStack/Apache CloudStack) : A configuration vulnerability in development versions of CloudStack/OpenStack incubated CloudStack allowed an attacker to issue arbitrary API calls by abusing the system user account, including deleting VMs. The issue affected CloudStack c...
CVE-2015-3251
CVE-2015-3251 : In Apache CloudStack, versions before 4.5.2 allow remote authenticated administrators to obtain sensitive password information for root accounts of virtual machines via unspecified API-call vectors. The vulnerability is an information disclosure issue tied to the API surface used ...
CVE-2015-3252
Apache CloudStack vulnerability CVE-2015-3252 affects CloudStack before 4.5.2 (4.5.1 and earlier per CNVD). The issue arises from improper preservation of VNC passwords during KVM VM migrations, enabling a remote attacker to gain access by connecting to the VNC server. According to the sources, t...
CVE-2016-3085
CVE-2016-3085 affects Apache CloudStack 4.5.x before 4.5.2.1, 4.6.x before 4.6.2.1, 4.7.x before 4.7.1.1, and 4.8.x before 4.8.0.1. When SAML-based authentication is enabled, remote attackers can bypass authentication and access the user interface via vectors related to the SAML plugin. The conne...
CVE-2013-6398
CVE-2013-6398 affects Apache CloudStack virtual routers prior to 4.2.1. After a restart, firewall rules’ source restrictions were not preserved, allowing a remote attacker to bypass restrictions and access network resources. Public sources in connected documents (NVD entry and security advisories...
CVE-2014-7807
Apache CloudStack is affected: versions 4.3.x before 4.3.2 and 4.4.x before 4.4.2 allow unauthenticated LDAP binds when LDAP is configured, enabling login requests without a password and resulting in an unauthenticated bind. Remediation per the docs is to upgrade to 4.4.2 (or 4.3.2 in testing) or...
CVE-2014-9593
Apache CloudStack is affected by CVE-2014-9593: before 4.3.2 and 4.4.x before 4.4.2, the listSslCerts API call can disclose private keys. Likely impact is information disclosure of SSL private keys. The remediation in the connected records is to upgrade to CloudStack 4.3.2+ or 4.4.2+ (i.e., fixed...
CVE-2025-59302
CVE-2025-59302 concerns Apache CloudStack where code injection is possible via admin-only APIs: quotaTariffCreate, quotaTariffUpdate, createSecondaryStorageSelector, updateSecondaryStorageSelector, updateHost, and updateStorage. The issue arises from improper control of code generation. A fix fla...
CVE-2026-25199
The CVE describes a vulnerability in the Proxmox extension for Apache CloudStack (affecting 4.21.0.0–4.22.0.0) where the user-editable proxmox_vmid setting is not validated against tenant ownership. An unauthenticated attacker can modify proxmox_vmid to reference a VM owned by another account, gr...
CVE-2026-25077
CVE-2026-25077 affects Apache CloudStack with KVM deployments. Due to missing file name sanitization, account users can register templates for direct download to primary storage, enabling an attacker to execute arbitrary code on KVM hosts. This can compromise resource integrity and confidentialit...
CVE-2025-66467
CVE-2025-66467 affects Apache CloudStack in scenarios where MinIO policy cleanup is not performed on bucket deletion. The issue allows previous bucket owners to retain access to buckets they formerly owned: if another user creates a bucket with the same name, those prior owners can gain unauthori...
CVE-2025-66171
CVE-2025-66171 affects the CloudStack Backup plugin in CloudStack 4.21.0.0 and 4.22.0.0, where an improper access logic allows any authenticated user with access to specific APIs to create new VMs using backups belonging to other users. Public docs from NVD/CVE and EUVD- ENISA reiterate upgrade g...
CVE-2025-66172
The CVE pertains to CloudStack’s Backup plugin, affected in versions 4.21.0.0 to 4.22.0.0, where improper access logic allows any authenticated user in a CloudStack 4.21.0.0+ environment (with the plugin enabled and API access) to restore a volume from another user’s backups and attach it to thei...
CVE-2025-59454
In Apache CloudStack, a gap in access control checks allowed an authenticated user to access information beyond their intended scope via several APIs. Affected endpoints include createNetworkACL, listNetworkACLs, listResourceDetails, listVirtualMachinesUsageHistory, and listVolumesUsageHistory. T...
CVE-2025-66170
The CVE affects the CloudStack Backup plugin (versions 4.21.0.0 and 4.22.0.0). An improper authorization logic lets any authenticated user with access to the plugin’s APIs list backups from any account, though they cannot view the backup contents. The issue is resolved by upgrading to version 4.2...
CVE-2025-69233
CVE-2025-69233 affects Apache CloudStack and describes time-of-check/time-of-use race conditions in the resource count check and increment logic, along with missing validations, that allow users to exceed allocation limits for accounts/domains. This can enable an attacker to degrade infrastructur...