Cloudstack@4.10.0.0 Security Vulnerabilities and Issues — Cloudstack@4.10.0.0 CVE List

Lucene search

ApacheCloudstack4.10.0.0

3 matches found

CVE•added 2025/06/10 11:15 p.m.•66 views

CVE-2025-47849

A privilege escalation vulnerability exists in Apache CloudStack versions 4.10.0.0 through 4.20.0.0 where a malicious Domain Admin user in the ROOT domain can get the API key and secret key of user-accounts of Admin role type in the same domain. This operation is not appropriately restricted and al...

8.8CVSS6.9AI score0.00055EPSS

CVE•added 2025/06/10 11:15 p.m.•64 views

CVE-2025-47713

A privilege escalation vulnerability exists in Apache CloudStack versions 4.10.0.0 through 4.20.0.0 where a malicious Domain Admin user in the ROOT domain can reset the password of user-accounts of Admin role type. This operation is not appropriately restricted and allows the attacker to assume con...

8.8CVSS7.1AI score0.00055EPSS

CVE•added 2024/08/07 8:16 a.m.•62 views

CVE-2024-42062

CloudStack account-users by default use username and password based authentication for API and UI access. Account-users can generate and register randomised API and secret keys and use them for the purpose of API-based automation and integrations. Due to an access permission validation issue that a...

7.2CVSS7.8AI score0.00098EPSS