The CloudStack Quota feature allows cloud administrators to implement a quota or usage limit system for cloud resources, and is disabled by default. In environments where the feature is enabled, due to missing access check enforcements, non-administrative CloudStack user accounts are able to access and modify quota-related configurations and data. This issue affects Apache CloudStack from 4.7.0 through 4.18.2.3; and from 4.19.0.0 through 4.19.1.1, where the Quota feature is enabled.
Users are recommended to upgrade to Apache CloudStack 4.18.2.4 or 4.19.1.2, or later, which addresses this issue. Alternatively, users that do not use the Quota feature are advised to disable the plugin by setting the global setting "quota.enable.service" to "false".
History
Thu, 17 Oct 2024 21:15:00 +0000
Type | Values Removed | Values Added |
---|---|---|
First Time appeared | Apache, Apache cloudstack | |
Weaknesses | CWE-862 | |
CPEs | cpe:2.3:a:apache:cloudstack:*:*:*:*:*:*:*:* | |
Vendors & Products | Apache, Apache cloudstack | |
Wed, 16 Oct 2024 15:15:00 +0000
Type | Values Removed | Values Added |
---|---|---|
Metrics | ssvc | |
Wed, 16 Oct 2024 08:00:00 +0000
Type | Values Removed | Values Added |
---|---|---|
Description | The CloudStack Quota feature allows cloud administrators to implement a quota or usage limit system for cloud resources, and is disabled by default. In environments where the feature is enabled, due to missing access check enforcements, non-administrative CloudStack user accounts are able to access and modify quota-related configurations and data. This issue affects Apache CloudStack from 4.7.0 through 4.18.2.3; and from 4.19.0.0 through 4.19.1.1, where the Quota feature is enabled. Users are recommended to upgrade to Apache CloudStack 4.18.2.4 or 4.19.1.2, or later, which addresses this issue. Alternatively, users that do not use the Quota feature are advised to disable the plugin by setting the global setting "quota.enable.service" to "false". | |
Title | Apache CloudStack Quota plugin: Access checks not enforced in Quota | |
Weaknesses | CWE-269 | |
References | | |
Metrics | cvssV3_1 | |
MITRE
Status: PUBLISHED
Assigner: apache
Published: 2024-10-16T07:54:15.484Z
Updated: 2024-10-16T14:50:22.959Z
Reserved: 2024-08-29T08:55:51.392Z
Link: CVE-2024-45461
Vulnrichment
Updated: 2024-10-16T08:03:40.636Z
NVD
Status: Analyzed
Published: 2024-10-16T08:15:05.717
Modified: 2024-10-17T20:50:10.550
Link: CVE-2024-45461
Redhat
No data.