CVE-2024-42222

CWE-200 — Information Exposure3 documents3 sources

Severity

4.3MEDIUM

EPSS

0.5%

top 33.06%

CISA KEV

Not in KEV

Exploit

No known exploits

Affected products

Apache Software Foundation Apache Cloudstack Apache Cloudstack

Timeline

PublishedAug 7

Description

In Apache CloudStack 4.19.1.0, a regression in the network listing API allows unauthorised list access of network details for domain admin and normal user accounts. This vulnerability compromises tenant isolation, potentially leading to unauthorised access to network details, configurations and data. Affected users are advised to upgrade to version 4.19.1.1 to address this issue. Users on older versions of CloudStack considering to upgrade, can skip 4.19.1.0 and upgrade directly to 4.19.1.1.

CVSS vector

CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:L/I:N/A:NExploitability: 2.8 | Impact: 1.4

Affected Packages2 packages

▶NVDapache/cloudstack4.19.1.0

▶CVEListV5apache_software_foundation/apache_cloudstack4.19.1.0

🔴Vulnerability Details

GHSA

GHSA-2p5q-hvc3-c85p: In Apache CloudStack 4↗2024-08-07

▶

CVEList

Apache CloudStack: Unauthorised Network List Access↗2024-08-07

▶