
4 matches found

CVE | added 2024/10/16 8:15 a.m. | 45 views

CVE-2024-45219

Account users in Apache CloudStack by default are allowed to upload and register templates for deploying instances and volumes for attaching them as data disks to their existing instances. Due to missing validation checks for KVM-compatible templates or volumes in CloudStack 4.0.0 through 4.18.2.3 ...

CVSS 8.5 | AI score 8.8 | EPSS 0.01774

CVE | added 2024/10/16 8:15 a.m. | 41 views

CVE-2024-45461

The CloudStack Quota feature allows cloud administrators to implement a quota or usage limit system for cloud resources, and is disabled by default. In environments where the feature is enabled, due to missing access check enforcements, non-administrative CloudStack user accounts are able to access...

CVSS 6.3 | AI score 5.7 | EPSS 0.00136

CVE | added 2024/10/16 8:15 a.m. | 40 views

CVE-2024-45693

Users logged into the Apache CloudStack's web interface can be tricked to submit malicious CSRF requests due to missing validation of the origin of the requests. This can allow an attacker to gain privileges and access to resources of the authenticated users and may lead to account takeover, disrup...

CVSS 8.8 | AI score 8.1 | EPSS 0.0006

CVE | added 2024/10/16 8:15 a.m. | 38 views

CVE-2024-45462

The logout operation in the CloudStack web interface does not expire the user session completely which is valid until expiry by time or restart of the backend service. An attacker that has access to a user's browser can use an unexpired session to gain access to resources owned by the logged out us...

CVSS 7.1 | AI score 6.5 | EPSS 0.00051