Lucene search
K
ApacheCloudstack

6 matches found

CVE
CVE
added 2024/04/04 7:51 a.m.74 views

CVE-2024-29008

CVE-2024-29008 concerns Apache CloudStack’s extraconfig (additional VM configuration) feature. In KVM environments, incorrect access control allows users who can deploy or modify VMs to configure extra VM settings even when the feature is disabled, enabling attachment of host devices (storage dis...

6.4CVSS6.5AI score0.00619EPSS
CVE
CVE
added 2024/10/16 7:54 a.m.57 views

CVE-2024-45461

CVE-2024-45461 affects Apache CloudStack where the Quota feature is enabled. The issue is due to missing access-check enforcements, allowing non-administrative users to access and modify quota-related configurations and data. Affected ranges include 4.7.0–4.18.2.3 and 4.19.0.0–4.19.1.1 when the Q...

6.3CVSS5.7AI score0.00708EPSS
CVE
CVE
added 2016/06/10 3:0 p.m.52 views

CVE-2016-3085

CVE-2016-3085 affects Apache CloudStack 4.5.x before 4.5.2.1, 4.6.x before 4.6.2.1, 4.7.x before 4.7.1.1, and 4.8.x before 4.8.0.1. When SAML-based authentication is enabled, remote attackers can bypass authentication and access the user interface via vectors related to the SAML plugin. The conne...

6.5CVSS6.5AI score0.02861EPSS
CVE
CVE
added 2026/05/08 12:11 p.m.22 views

CVE-2025-66171

CVE-2025-66171 affects the CloudStack Backup plugin in CloudStack 4.21.0.0 and 4.22.0.0, where an improper access logic allows any authenticated user with access to specific APIs to create new VMs using backups belonging to other users. Public docs from NVD/CVE and EUVD- ENISA reiterate upgrade g...

6.5CVSS5.8AI score0.0053EPSS
CVE
CVE
added 2026/05/08 12:19 p.m.20 views

CVE-2025-69233

CVE-2025-69233 affects Apache CloudStack and describes time-of-check/time-of-use race conditions in the resource count check and increment logic, along with missing validations, that allow users to exceed allocation limits for accounts/domains. This can enable an attacker to degrade infrastructur...

6.5CVSS5.7AI score0.00433EPSS
CVE
CVE
added 2026/05/08 12:6 p.m.18 views

CVE-2025-66170

The CVE affects the CloudStack Backup plugin (versions 4.21.0.0 and 4.22.0.0). An improper authorization logic lets any authenticated user with access to the plugin’s APIs list backups from any account, though they cannot view the backup contents. The issue is resolved by upgrading to version 4.2...

6.5CVSS5.8AI score0.00486EPSS