Cloudstack
by Apache
Source repositories
CVEs (45)
| CVE | Vendor / Product | Sev | Risk | CVSS | EPSS | KEV | Published | Description |
|---|---|---|---|---|---|---|---|---|
| CVE-2025-26521 | 0.00 | — | 0.01 | Jun 10, 2025 | When an Apache CloudStack user-account creates a CKS-based Kubernetes cluster in a project, the API key and the secret key of the 'kubeadmin' user of the caller account are used to create the secret config in the CKS-based Kubernetes cluster. A member of the project who can… | |||
| CVE-2025-47849 | 0.00 | — | 0.00 | Jun 10, 2025 | A privilege escalation vulnerability exists in Apache CloudStack versions 4.10.0.0 through 4.20.0.0 where a malicious Domain Admin user in the ROOT domain can get the API key and secret key of user-accounts of Admin role type in the same domain. This operation is not… | |||
| CVE-2025-47713 | 0.00 | — | 0.00 | Jun 10, 2025 | A privilege escalation vulnerability exists in Apache CloudStack versions 4.10.0.0 through 4.20.0.0 where a malicious Domain Admin user in the ROOT domain can reset the password of user-accounts of Admin role type. This operation is not appropriately restricted and allows the… | |||
| CVE-2024-50386 | 0.00 | — | 0.01 | Nov 12, 2024 | Account users in Apache CloudStack by default are allowed to register templates to be downloaded directly to the primary storage for deploying instances. Due to missing validation checks for KVM-compatible templates in CloudStack 4.0.0 through 4.18.2.4 and 4.19.0.0 through… | |||
| CVE-2024-45219 | 0.00 | — | 0.01 | Oct 16, 2024 | Account users in Apache CloudStack by default are allowed to upload and register templates for deploying instances and volumes for attaching them as data disks to their existing instances. Due to missing validation checks for KVM-compatible templates or volumes in CloudStack… | |||
| CVE-2024-45461 | 0.00 | — | 0.01 | Oct 16, 2024 | The CloudStack Quota feature allows cloud administrators to implement a quota or usage limit system for cloud resources, and is disabled by default. In environments where the feature is enabled, due to missing access check enforcements, non-administrative CloudStack user… | |||
| CVE-2024-45462 | 0.00 | — | 0.00 | Oct 16, 2024 | The logout operation in the CloudStack web interface does not expire the user session completely which is valid until expiry by time or restart of the backend service. An attacker that has access to a user's browser can use an unexpired session to gain access to resources owned… | |||
| CVE-2024-45693 | 0.00 | — | 0.01 | Oct 16, 2024 | Users logged into the Apache CloudStack's web interface can be tricked to submit malicious CSRF requests due to missing validation of the origin of the requests. This can allow an attacker to gain privileges and access to resources of the authenticated users and may lead to… | |||
| CVE-2024-42062 | 0.00 | — | 0.01 | Aug 7, 2024 | CloudStack account-users by default use username and password based authentication for API and UI access. Account-users can generate and register randomised API and secret keys and use them for the purpose of API-based automation and integrations. Due to an access permission… | |||
| CVE-2024-42222 | 0.00 | — | 0.01 | Aug 7, 2024 | In Apache CloudStack 4.19.1.0, a regression in the network listing API allows unauthorised list access of network details for domain admin and normal user accounts. This vulnerability compromises tenant isolation, potentially leading to unauthorised access to network details,… | |||
| CVE-2024-41107 | 0.00 | — | 0.18 | Jul 19, 2024 | The CloudStack SAML authentication (disabled by default) does not enforce signature check. In CloudStack environments where SAML authentication is enabled, an attacker that initiates CloudStack SAML single sign-on authentication can bypass SAML authentication by submitting a… | |||
| CVE-2024-38346 | 0.00 | — | 0.03 | Jul 5, 2024 | The CloudStack cluster service runs on unauthenticated port (default 9090) that can be misused to run arbitrary commands on targeted hypervisors and CloudStack management server hosts. Some of these commands were found to have command injection vulnerabilities that can result in… | |||
| CVE-2024-39864 | 0.00 | — | 0.02 | Jul 5, 2024 | The CloudStack integration API service allows running its unauthenticated API server (usually on port 8096 when configured and enabled via integration.api.port global setting) for internal portal integrations and for testing purposes. By default, the integration API service port… | |||
| CVE-2024-29008 | 0.00 | — | 0.01 | Apr 4, 2024 | A problem has been identified in the CloudStack additional VM configuration (extraconfig) feature which can be misused by anyone who has privilege to deploy a VM instance or configure settings of an already deployed VM instance, to configure additional VM configuration even when… | |||
| CVE-2024-29007 | 0.00 | — | 0.01 | Apr 4, 2024 | The CloudStack management server and secondary storage VM could be tricked into making requests to restricted or random resources by means of following 301 HTTP redirects presented by external servers when downloading templates or ISOs. Users are recommended to upgrade to… | |||
| CVE-2024-29006 | 0.00 | — | 0.01 | Apr 4, 2024 | By default the CloudStack management server honours the x-forwarded-for HTTP header and logs it as the source IP of an API request. This could lead to authentication bypass and other operational problems should an attacker decide to spoof their IP address this way. Users are… | |||
| CVE-2022-26779 | 0.00 | — | 0.03 | Mar 15, 2022 | Apache CloudStack prior to 4.16.1.0 used insecure random number generation for project invitation tokens. If a project invite is created based only on an email address, a random token is generated. An attacker with knowledge of the project ID and the fact that the invite is… | |||
| CVE-2019-17562 | 0.00 | — | 0.03 | May 14, 2020 | A buffer overflow vulnerability has been found in the baremetal component of Apache CloudStack. This applies to all versions prior to 4.13.1. The vulnerability is due to the lack of validation of the mac parameter in baremetal virtual router. If you insert an arbitrary shell… | |||
| CVE-2014-9593 | 0.00 | — | 0.03 | Jan 15, 2015 | Apache CloudStack before 4.3.2 and 4.4.x before 4.4.2 allows remote attackers to obtain private keys via a listSslCerts API call. | |||
| CVE-2014-7807 | 0.00 | — | 0.03 | Dec 10, 2014 | Apache CloudStack 4.3.x before 4.3.2 and 4.4.x before 4.4.2 allows remote attackers to bypass authentication via a login request without a password, which triggers an unauthenticated bind. |
- CVE-2025-26521Jun 10, 2025risk 0.00cvss —epss 0.01
When an Apache CloudStack user-account creates a CKS-based Kubernetes cluster in a project, the API key and the secret key of the 'kubeadmin' user of the caller account are used to create the secret config in the CKS-based Kubernetes cluster. A member of the project who can…
- CVE-2025-47849Jun 10, 2025risk 0.00cvss —epss 0.00
A privilege escalation vulnerability exists in Apache CloudStack versions 4.10.0.0 through 4.20.0.0 where a malicious Domain Admin user in the ROOT domain can get the API key and secret key of user-accounts of Admin role type in the same domain. This operation is not…
- CVE-2025-47713Jun 10, 2025risk 0.00cvss —epss 0.00
A privilege escalation vulnerability exists in Apache CloudStack versions 4.10.0.0 through 4.20.0.0 where a malicious Domain Admin user in the ROOT domain can reset the password of user-accounts of Admin role type. This operation is not appropriately restricted and allows the…
- CVE-2024-50386Nov 12, 2024risk 0.00cvss —epss 0.01
Account users in Apache CloudStack by default are allowed to register templates to be downloaded directly to the primary storage for deploying instances. Due to missing validation checks for KVM-compatible templates in CloudStack 4.0.0 through 4.18.2.4 and 4.19.0.0 through…
- CVE-2024-45219Oct 16, 2024risk 0.00cvss —epss 0.01
Account users in Apache CloudStack by default are allowed to upload and register templates for deploying instances and volumes for attaching them as data disks to their existing instances. Due to missing validation checks for KVM-compatible templates or volumes in CloudStack…
- CVE-2024-45461Oct 16, 2024risk 0.00cvss —epss 0.01
The CloudStack Quota feature allows cloud administrators to implement a quota or usage limit system for cloud resources, and is disabled by default. In environments where the feature is enabled, due to missing access check enforcements, non-administrative CloudStack user…
- CVE-2024-45462Oct 16, 2024risk 0.00cvss —epss 0.00
The logout operation in the CloudStack web interface does not expire the user session completely which is valid until expiry by time or restart of the backend service. An attacker that has access to a user's browser can use an unexpired session to gain access to resources owned…
- CVE-2024-45693Oct 16, 2024risk 0.00cvss —epss 0.01
Users logged into the Apache CloudStack's web interface can be tricked to submit malicious CSRF requests due to missing validation of the origin of the requests. This can allow an attacker to gain privileges and access to resources of the authenticated users and may lead to…
- CVE-2024-42062Aug 7, 2024risk 0.00cvss —epss 0.01
CloudStack account-users by default use username and password based authentication for API and UI access. Account-users can generate and register randomised API and secret keys and use them for the purpose of API-based automation and integrations. Due to an access permission…
- CVE-2024-42222Aug 7, 2024risk 0.00cvss —epss 0.01
In Apache CloudStack 4.19.1.0, a regression in the network listing API allows unauthorised list access of network details for domain admin and normal user accounts. This vulnerability compromises tenant isolation, potentially leading to unauthorised access to network details,…
- CVE-2024-41107Jul 19, 2024risk 0.00cvss —epss 0.18
The CloudStack SAML authentication (disabled by default) does not enforce signature check. In CloudStack environments where SAML authentication is enabled, an attacker that initiates CloudStack SAML single sign-on authentication can bypass SAML authentication by submitting a…
- CVE-2024-38346Jul 5, 2024risk 0.00cvss —epss 0.03
The CloudStack cluster service runs on unauthenticated port (default 9090) that can be misused to run arbitrary commands on targeted hypervisors and CloudStack management server hosts. Some of these commands were found to have command injection vulnerabilities that can result in…
- CVE-2024-39864Jul 5, 2024risk 0.00cvss —epss 0.02
The CloudStack integration API service allows running its unauthenticated API server (usually on port 8096 when configured and enabled via integration.api.port global setting) for internal portal integrations and for testing purposes. By default, the integration API service port…
- CVE-2024-29008Apr 4, 2024risk 0.00cvss —epss 0.01
A problem has been identified in the CloudStack additional VM configuration (extraconfig) feature which can be misused by anyone who has privilege to deploy a VM instance or configure settings of an already deployed VM instance, to configure additional VM configuration even when…
- CVE-2024-29007Apr 4, 2024risk 0.00cvss —epss 0.01
The CloudStack management server and secondary storage VM could be tricked into making requests to restricted or random resources by means of following 301 HTTP redirects presented by external servers when downloading templates or ISOs. Users are recommended to upgrade to…
- CVE-2024-29006Apr 4, 2024risk 0.00cvss —epss 0.01
By default the CloudStack management server honours the x-forwarded-for HTTP header and logs it as the source IP of an API request. This could lead to authentication bypass and other operational problems should an attacker decide to spoof their IP address this way. Users are…
- CVE-2022-26779Mar 15, 2022risk 0.00cvss —epss 0.03
Apache CloudStack prior to 4.16.1.0 used insecure random number generation for project invitation tokens. If a project invite is created based only on an email address, a random token is generated. An attacker with knowledge of the project ID and the fact that the invite is…
- CVE-2019-17562May 14, 2020risk 0.00cvss —epss 0.03
A buffer overflow vulnerability has been found in the baremetal component of Apache CloudStack. This applies to all versions prior to 4.13.1. The vulnerability is due to the lack of validation of the mac parameter in baremetal virtual router. If you insert an arbitrary shell…
- CVE-2014-9593Jan 15, 2015risk 0.00cvss —epss 0.03
Apache CloudStack before 4.3.2 and 4.4.x before 4.4.2 allows remote attackers to obtain private keys via a listSslCerts API call.
- CVE-2014-7807Dec 10, 2014risk 0.00cvss —epss 0.03
Apache CloudStack 4.3.x before 4.3.2 and 4.4.x before 4.4.2 allows remote attackers to bypass authentication via a login request without a password, which triggers an unauthenticated bind.
Page 2 of 3