Lucene search
K
ApacheCloudstack

10 matches found

CVE
CVE
added 2025/01/13 12:47 p.m.120 views

CVE-2025-22828

CVE-2025-22828 affects Apache CloudStack 4.16.0 and later. An access validation issue lets users with access or prior knowledge of resource UUIDs list or add comments (annotations) on resources they are authorized to access, potentially reading or injecting comments that could disclose privileged...

4.3CVSS6.3AI score0.01912EPSS
CVE
CVE
added 2024/08/07 7:16 a.m.80 views

CVE-2024-42222

CVE-2024-42222 affects Apache CloudStack 4.19.1.0, where a regression in the network listing API allows unauthorised listing of network details for domain admins and normal users, compromising tenant isolation and potentially exposing network configurations and data. The issue has been fixed in C...

4.3CVSS7AI score0.00972EPSS
CVE
CVE
added 2025/06/10 11:12 p.m.67 views

CVE-2025-30675

CVE-2025-30675 in Apache CloudStack affects the listTemplates and listIsos APIs due to a flawed access-control check when domainid is specified with filters self or selfexecutable. The issue allows a Domain Admin or Resource Admin to enumerate templates/ISOs in unrelated domains, breaching isolat...

4.7CVSS4.8AI score0.00568EPSS
CVE
CVE
added 2013/08/19 11:0 p.m.58 views

CVE-2013-2136

Apache CloudStack UI contains multiple cross-site scripting (XSS) vulnerabilities in versions up to 4.1.0, allowing authenticated/remote attackers to inject arbitrary script or HTML via fields in Zone, Network, Instance, global settings, and other UI inputs. The issue is fixed by upgrading to Clo...

4.3CVSS5.8AI score0.04051EPSS
CVE
CVE
added 2014/01/14 6:0 p.m.56 views

CVE-2014-0031

Apache CloudStack (vulnerable: before 4.2.1) exposes an information disclosure via the ListNetworkACL and listNetworkACLLists APIs. The issue, caused by how crafted requests allow remote authenticated users to list network ACLs for other users, can reveal ACLs not owned by the attacker. Impact is...

4CVSS6.4AI score0.02151EPSS
CVE
CVE
added 2018/02/06 2:0 p.m.54 views

CVE-2013-4317

CVE-2013-4317 describes an information-disclosure vulnerability in Apache CloudStack versions 4.1.0 and 4.1.1 . When a regular, non-administrative user calls the CloudStack API operation listProjectAccounts , the user can view information for accounts other than their own. The connected Red Hat a...

4.3CVSS4.5AI score0.01196EPSS
CVE
CVE
added 2025/06/10 11:11 p.m.53 views

CVE-2025-22829

Affected software: Apache CloudStack with the Quota plugin (version 4.20.0.0). Issue: Improper privilege management logic lets an authenticated user with access to specific APIs enable/disable quota‑related emails and list quota configurations for any account in environments where the plugin is e...

4.3CVSS6.5AI score0.00692EPSS
CVE
CVE
added 2016/02/08 7:0 p.m.51 views

CVE-2015-3251

CVE-2015-3251 : In Apache CloudStack, versions before 4.5.2 allow remote authenticated administrators to obtain sensitive password information for root accounts of virtual machines via unspecified API-call vectors. The vulnerability is an information disclosure issue tied to the API surface used ...

4.9CVSS4.7AI score0.02454EPSS
CVE
CVE
added 2025/11/27 11:46 a.m.29 views

CVE-2025-59302

CVE-2025-59302 concerns Apache CloudStack where code injection is possible via admin-only APIs: quotaTariffCreate, quotaTariffUpdate, createSecondaryStorageSelector, updateSecondaryStorageSelector, updateHost, and updateStorage. The issue arises from improper control of code generation. A fix fla...

4.7CVSS7AI score0.00398EPSS
CVE
CVE
added 2025/11/27 11:40 a.m.17 views

CVE-2025-59454

In Apache CloudStack, a gap in access control checks allowed an authenticated user to access information beyond their intended scope via several APIs. Affected endpoints include createNetworkACL, listNetworkACLs, listResourceDetails, listVirtualMachinesUsageHistory, and listVolumesUsageHistory. T...

4.3CVSS6.2AI score0.00314EPSS