Lucene search
K

8 matches found

CVE
CVE
added 2025/01/13 12:47 p.m.120 views

CVE-2025-22828

CVE-2025-22828 affects Apache CloudStack 4.16.0 and later. An access validation issue lets users with access or prior knowledge of resource UUIDs list or add comments (annotations) on resources they are authorized to access, potentially reading or injecting comments that could disclose privileged...

4.3CVSS6.3AI score0.01912EPSS
CVE
CVE
added 2025/06/10 11:7 p.m.97 views

CVE-2025-47849

CVE-2025-47849 (Apache CloudStack) : Privilege escalation affects CloudStack versions 4.10.0.0 through 4.20.0.0. A malicious Domain Admin in the ROOT domain can obtain the API key and secret key of Admin-role accounts in the same domain, enabling impersonation and access to sensitive APIs and res...

8.8CVSS6.9AI score0.00499EPSS
CVE
CVE
added 2025/06/10 11:6 p.m.86 views

CVE-2025-47713

Apache CloudStack

8.8CVSS7.1AI score0.00499EPSS
CVE
CVE
added 2025/06/10 11:8 p.m.83 views

CVE-2025-26521

CVE-2025-26521 describes an information-disclosure flaw in Apache CloudStack where a project member can access the kubeadmin API key and secret for the creator’s CKS-based Kubernetes cluster, enabling impersonation and possible full compromise of the creator’s resources. Affected versions are pri...

8.1CVSS6.5AI score0.00596EPSS
Web
CVE
CVE
added 2025/06/10 11:12 p.m.67 views

CVE-2025-30675

CVE-2025-30675 in Apache CloudStack affects the listTemplates and listIsos APIs due to a flawed access-control check when domainid is specified with filters self or selfexecutable. The issue allows a Domain Admin or Resource Admin to enumerate templates/ISOs in unrelated domains, breaching isolat...

4.7CVSS4.8AI score0.00568EPSS
CVE
CVE
added 2025/06/10 11:11 p.m.53 views

CVE-2025-22829

Affected software: Apache CloudStack with the Quota plugin (version 4.20.0.0). Issue: Improper privilege management logic lets an authenticated user with access to specific APIs enable/disable quota‑related emails and list quota configurations for any account in environments where the plugin is e...

4.3CVSS6.5AI score0.00692EPSS
CVE
CVE
added 2025/11/27 11:46 a.m.29 views

CVE-2025-59302

CVE-2025-59302 concerns Apache CloudStack where code injection is possible via admin-only APIs: quotaTariffCreate, quotaTariffUpdate, createSecondaryStorageSelector, updateSecondaryStorageSelector, updateHost, and updateStorage. The issue arises from improper control of code generation. A fix fla...

4.7CVSS7AI score0.00398EPSS
CVE
CVE
added 2025/11/27 11:40 a.m.17 views

CVE-2025-59454

In Apache CloudStack, a gap in access control checks allowed an authenticated user to access information beyond their intended scope via several APIs. Affected endpoints include createNetworkACL, listNetworkACLs, listResourceDetails, listVirtualMachinesUsageHistory, and listVolumesUsageHistory. T...

4.3CVSS6.2AI score0.00314EPSS