ZStack · ZStack Cloud · CVE-2023-46326
**Name of the Vulnerable Software and Affected Versions**
ZStack Cloud versions 3.10.38 and earlier
**Description**
The issue allows unauthenticated API access to the list of active job UUIDs and to the session ID associated with each job, leading to privilege escalation.
**Recommendations**
For ZStack Cloud versions 3.10.38 and earlier, as a temporary workaround, consider restricting access to the API endpoints that provide the list of active job UUIDs and session IDs until a patch is available.
At the moment, there is no information about a newer version that contains a fix for this vulnerability.