Apache · Apache CloudStack · CVE-2025-59454
**Name of the Vulnerable Software and Affected Versions**
Apache CloudStack versions prior to 4.20.2.0
Apache CloudStack versions prior to 4.22.0.0
**Description**
A flaw in access control checks within Apache CloudStack allowed authorized users to potentially access information beyond their intended scope. This issue affected several APIs, including `createNetworkACL`, `listNetworkACLs`, `listResourceDetails`, `listVirtualMachinesUsageHistory`, and `listVolumesUsageHistory`. Insufficient permission validation was identified as the root cause.
**Recommendations**
Upgrade to Apache CloudStack version 4.20.2.0.
Upgrade to Apache CloudStack version 4.22.0.0.