Apache CloudStack 4.1 to 4.8.1.0 and 4.9.0.0 contain an API call designed to allow a user to register for the developer API. If a malicious user is able to determine the ID of another (non-"root") CloudStack user, the malicious user may be able to reset the API keys for the other user, in turn accessing their account and resources.
Fixes

Solution

No solution given by the vendor.


Workaround

No workaround given by the vendor.

History

No history.

cve-icon MITRE

Status: PUBLISHED

Assigner: apache

Published:

Updated: 2024-09-17T00:26:36.412Z

Reserved: 2016-08-12T00:00:00

Link: CVE-2016-6813

cve-icon Vulnrichment

No data.

cve-icon NVD

Status : Modified

Published: 2018-02-06T14:29:00.300

Modified: 2024-11-21T02:56:52.963

Link: CVE-2016-6813

cve-icon Redhat

No data.

cve-icon OpenCVE Enrichment

No data.