Lucene search
K
ApacheCloudstack

9 matches found

CVE
CVE
added 2024/07/19 10:19 a.m.106 views

CVE-2024-41107

CVE-2024-41107 — Apache CloudStack: SAML Signature Exclusion Root cause: CloudStack’s SAML authentication can bypass signature checks when SAML is enabled, allowing spoofed, unsigned SAML responses to authenticate as a legitimate SAML-enabled user. Impact: In affected environments, an attacker ca...

8.1CVSS8.1AI score0.1776EPSS
CVE
CVE
added 2025/06/10 11:7 p.m.96 views

CVE-2025-47849

CVE-2025-47849 (Apache CloudStack) : Privilege escalation affects CloudStack versions 4.10.0.0 through 4.20.0.0. A malicious Domain Admin in the ROOT domain can obtain the API key and secret key of Admin-role accounts in the same domain, enabling impersonation and access to sensitive APIs and res...

8.8CVSS6.9AI score0.00499EPSS
CVE
CVE
added 2025/06/10 11:6 p.m.85 views

CVE-2025-47713

Apache CloudStack

8.8CVSS7.1AI score0.00499EPSS
CVE
CVE
added 2025/06/10 11:8 p.m.83 views

CVE-2025-26521

CVE-2025-26521 describes an information-disclosure flaw in Apache CloudStack where a project member can access the kubeadmin API key and secret for the creator’s CKS-based Kubernetes cluster, enabling impersonation and possible full compromise of the creator’s resources. Affected versions are pri...

8.1CVSS6.5AI score0.00596EPSS
Web
CVE
CVE
added 2024/10/16 7:52 a.m.66 views

CVE-2024-45693

The CVE-2024-45693 issue affects Apache CloudStack where missing validation of the origin of requests enables Cross-Site Request Forgery in the web interface. This could allow an attacker to impersonate an authenticated user and gain privileges, potentially leading to account takeover and exposur...

8.8CVSS8.1AI score0.00497EPSS
CVE
CVE
added 2024/10/16 7:55 a.m.63 views

CVE-2024-45219

Apache CloudStack CVE-2024-45219 concerns a KVM-related vulnerability where default user uploads/registrations of templates and volumes can bypass validation for KVM-compatible disks. The issue spans CloudStack versions 4.0.0–4.18.2.3 and 4.19.0.0–4.19.1.1, allowing an attacker who can upload or ...

8.5CVSS8.8AI score0.01229EPSS
CVE
CVE
added 2026/05/08 12:21 p.m.25 views

CVE-2026-25077

CVE-2026-25077 affects Apache CloudStack with KVM deployments. Due to missing file name sanitization, account users can register templates for direct download to primary storage, enabling an attacker to execute arbitrary code on KVM hosts. This can compromise resource integrity and confidentialit...

8.8CVSS6.2AI score0.00726EPSS
CVE
CVE
added 2026/05/08 12:16 p.m.23 views

CVE-2025-66467

CVE-2025-66467 affects Apache CloudStack in scenarios where MinIO policy cleanup is not performed on bucket deletion. The issue allows previous bucket owners to retain access to buckets they formerly owned: if another user creates a bucket with the same name, those prior owners can gain unauthori...

8.1CVSS5.8AI score0.00373EPSS
CVE
CVE
added 2026/05/08 12:13 p.m.19 views

CVE-2025-66172

The CVE pertains to CloudStack’s Backup plugin, affected in versions 4.21.0.0 to 4.22.0.0, where improper access logic allows any authenticated user in a CloudStack 4.21.0.0+ environment (with the plugin enabled and API access) to restore a volume from another user’s backups and attach it to thei...

8.1CVSS5.8AI score0.00512EPSS