Severity
6.3 MEDIUM
EPSS
0.1%
top 65.54%
CISA KEV
Not in KEV
Exploit
No known exploits
Timeline
Published Oct 16

Description

The CloudStack Quota feature allows cloud administrators to implement a quota or usage limit system for cloud resources, and is disabled by default. In environments where the feature is enabled, due to missing access check enforcements, non-administrative CloudStack user accounts are able to access and modify quota-related configurations and data. This issue affects Apache CloudStack from 4.7.0 through 4.18.2.3; and from 4.19.0.0 through 4.19.1.1, where the Quota feature is enabled. Users are

CVSS vector

CVSS:3.1/AV:N/AC:L/PR:H/UI:R/S:U/C:H/I:L/A:L
Exploitability: 0.9 | Impact: 4.7

Affected Packages
2 packages

NVD | apache/cloudstack | 4.7.0 | 4.18.2.4 | +1

Vulnerability Details

2
CVEList
Apache CloudStack Quota plugin: Access checks not enforced in Quota (2024-10-16)
GHSA
GHSA-65m9-gc53-3g6g: The CloudStack Quota feature allows cloud administrators to implement a quota or usage limit system for cloud resources, and is disabled by default (2024-10-16)
CVE-2024-45461 (MEDIUM CVSS 6.3) | The CloudStack Quota feature allows | cvebase.io