In Apache CloudStack 4.19.1.0, a regression in the network listing API allows unauthorised list access of network details for domain admin and normal user accounts. This vulnerability compromises tenant isolation, potentially leading to unauthorised access to network details, configurations and data. Affected users are advised to upgrade to version 4.19.1.1 to address this issue. Users on older versions of CloudStack considering to upgrade, can skip 4.19.1.0 and upgrade directly to 4.19.1.1.
History

Thu, 29 Aug 2024 17:00:00 +0000

Type Values Removed Values Added
First Time appeared Apache
Apache cloudstack
Weaknesses NVD-CWE-noinfo
CPEs cpe:2.3:a:apache:cloudstack:4.19.1.0:*:*:*:*:*:*:*
Vendors & Products Apache
Apache cloudstack
Metrics cvssV3_1

{'score': 4.3, 'vector': 'CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:L/I:N/A:N'}


Wed, 07 Aug 2024 15:30:00 +0000

Type Values Removed Values Added
References

Wed, 07 Aug 2024 07:30:00 +0000

Type Values Removed Values Added
Description In Apache CloudStack 4.19.1.0, a regression in the network listing API allows unauthorised list access of network details for domain admin and normal user accounts. This vulnerability compromises tenant isolation, potentially leading to unauthorised access to network details, configurations and data. Affected users are advised to upgrade to version 4.19.1.1 to address this issue. Users on older versions of CloudStack considering to upgrade, can skip 4.19.1.0 and upgrade directly to 4.19.1.1.
Title Apache CloudStack: Unauthorised Network List Access
Weaknesses CWE-200
References

cve-icon MITRE

Status: PUBLISHED

Assigner: apache

Published: 2024-08-07T07:16:13.765Z

Updated: 2024-08-07T14:57:58.383Z

Reserved: 2024-07-30T05:26:40.956Z

Link: CVE-2024-42222

cve-icon Vulnrichment

Updated: 2024-08-07T08:03:19.466Z

cve-icon NVD

Status : Modified

Published: 2024-08-07T08:16:12.473

Modified: 2024-11-21T09:33:45.030

Link: CVE-2024-42222

cve-icon Redhat

No data.