PT-2024-31652 · Apache · Apache Cloudstack

Fabrício Duarte · Published 2024-10-15 · Updated 2025-02-12 · CVE-2024-45461

CVSS v3.1: 6.3 Medium
Vector: AV:N/AC:L/PR:L/UI:N/S:U/C:L/I:L/A:L
Name of the Vulnerable Software and Affected Versions: Apache CloudStack versions 4.7.0 through 4.18.2.3; Apache CloudStack versions 4.19.0.0 through 4.19.1.1
Description: The CloudStack Quota feature, which is disabled by default, allows cloud administrators to implement a quota or usage limit system for cloud resources. However, due to missing access check enforcements, non-administrative CloudStack user accounts can access and modify quota-related configurations and data when the feature is enabled.
Recommendations: For Apache CloudStack versions 4.7.0 through 4.18.2.3, upgrade to Apache CloudStack 4.18.2.4 or later. For Apache CloudStack versions 4.19.0.0 through 4.19.1.1, upgrade to Apache CloudStack 4.19.1.2 or later. Alternatively, users that do not use the Quota feature can disable the plugin by setting the global setting quota.enable.service to false.
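A triage check built from the affected ranges and fixed releases listed above, added here as an example and not taken from the Apache CloudStack project. The inventory entries, the status labels and the handling of suffixes such as "-SNAPSHOT" are assumptions made for illustration.

```python
import re

# Affected ranges (inclusive) and first fixed release, as listed in the advisory.
AFFECTED = [
    ((4, 7, 0, 0), (4, 18, 2, 3), "4.18.2.4"),
    ((4, 19, 0, 0), (4, 19, 1, 1), "4.19.1.2"),
]

def parse_version(text):
    """Parse '4.19.1.1' or '4.7.0' into a 4-tuple, padding with zeros.
    Assumption: trailing suffixes such as '-SNAPSHOT' are ignored."""
    m = re.match(r"\s*(\d+(?:\.\d+){1,3})", text)
    if not m:
        raise ValueError(f"unrecognised version: {text!r}")
    parts = [int(p) for p in m.group(1).split(".")]
    return tuple(parts + [0] * (4 - len(parts)))

def triage(version, quota_enabled):
    """Return (status, fixed_release) for one management server.
    quota_enabled is the value of the quota.enable.service global setting."""
    v = parse_version(version)
    for low, high, fixed in AFFECTED:
        if low <= v <= high:
            # Vulnerable code is present; exposure depends on the Quota plugin.
            return ("exposed" if quota_enabled else "mitigated", fixed)
    return ("not-affected", None)

def plan(inventory):
    """Map each host to its triage result, keeping only hosts needing an upgrade."""
    results = {}
    for host, (version, quota_enabled) in inventory.items():
        status, fixed = triage(version, quota_enabled)
        if status != "not-affected":
            results[host] = (status, fixed)
    return results

# Constructed sample inventory: host -> (version, quota.enable.service).
SAMPLE = {
    "mgmt-a": ("4.18.2.3", True),
    "mgmt-b": ("4.19.1.1-SNAPSHOT", False),
    "mgmt-c": ("4.19.1.2", True),
    "mgmt-d": ("4.7.0", True),
}

if __name__ == "__main__":
    for host, (status, fixed) in plan(SAMPLE).items():
        print(f"{host}: {status}, upgrade to {fixed} or later")
```

Hosts reported as "mitigated" still run an affected version with the plugin disabled, so they remain on the upgrade list.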

Fix

Weakness Enumeration: Improper Privilege Management; Missing Authorization

Related Identifiers: CVE-2024-45461

Affected Products: Apache Cloudstack