Apache · Apache Cloudstack · CVE-2024-42222
**Name of the Vulnerable Software and Affected Versions**
Apache CloudStack version 4.19.1.0
**Description**
The issue is related to a regression in the network listing API, allowing unauthorized list access of network details for domain admin and normal user accounts. This compromises tenant isolation, potentially leading to unauthorized access to network details, configurations, and data.
**Recommendations**
For Apache CloudStack version 4.19.1.0, upgrade to version 4.19.1.1 to address this issue. Users on older versions of CloudStack considering an upgrade can skip version 4.19.1.0 and upgrade directly to 4.19.1.1.