CVE-2024-42222: Apache CloudStack: Unauthorised Network List Access
First published: Tue Aug 06 2024(Updated: )
In Apache CloudStack 4.19.1.0, a regression in the network listing API allows unauthorised list access of network details for domain admin and normal user accounts. This vulnerability compromises tenant isolation, potentially leading to unauthorised access to network details, configurations and data. Affected users are advised to upgrade to version 4.19.1.1 to address this issue. Users on older versions of CloudStack considering to upgrade, can skip 4.19.1.0 and upgrade directly to 4.19.1.1.
Credit: security@apache.org
| Affected Software | Affected Version | How to fix |
|---|---|---|
| Apache CloudStack | =4.19.1.0 |
Never miss a vulnerability like this again
Sign up to SecAlerts for real-time vulnerability data matched to your software, aggregated from hundreds of sources.
Reference Links
- https://cloudstack.apache.org/blog/security-release-advisory-4.19.1.1-4.18.2.3
- https://github.com/apache/cloudstack/issues/9456
- https://lists.apache.org/thread/lxqtfd6407prbw3801hb4fz3ot3t8wlj
- https://www.shapeblue.com/shapeblue-security-advisory-apache-cloudstack-security-releases-4-18-2-3-and-4-19-1-1/
- collector/oss-sec
- source/oss-sec
- alias/CVE-2024-42222
- agent/title
- agent/first-publish-date
- agent/references
- agent/weakness
- agent/author
- agent/type
- agent/description
- collector/mitre-cve
- source/MITRE
- collector/nvd-api
- source/NVD
- agent/software-canonical-lookup
- agent/last-modified-date
- agent/severity
- agent/softwarecombine
- agent/event
- agent/source
- agent/tags
- agent/trending
- vendor/apache
- canonical/apache cloudstack
- version/apache cloudstack/4.19.1.0