2 matches found
CVE-2024-45693
CVE-2024-45693 affects Apache CloudStack: missing validation of the origin of requests enables Cross-Site Request Forgery in the web interface. This could allow an attacker to impersonate an authenticated user and gain privileges, potentially leading to account takeover and exposur...
CVE-2024-45462
This CVE describes incomplete session invalidation in Apache CloudStack that allows a user with browser access to reuse an unexpired session after logout. Affected versions: 4.15.1.0–4.18.2.3 and 4.19.0.0–4.19.1.1. Mitigation per connected documents: upgrade to 4.18.2.4 or 4.19.1.2 (or later) d...