PT-2024-5718 · Apache · Apache Cloudstack
Christian Gross +1 · Published 2024-08-06 · Updated 2024-08-29 · CVE-2024-42222
CVSS v2.0: 7.5 (High)
Vector: AV:N/AC:L/Au:N/C:P/I:P/A:P
Name of the Vulnerable Software and Affected Versions
Apache CloudStack version 4.19.1.0
Description
The issue is a regression in the network listing API that allows domain admin and normal user accounts to list network details without authorization. This compromises tenant isolation, potentially leading to unauthorized access to network details, configurations, and data.
Recommendations
For Apache CloudStack version 4.19.1.0, upgrade to version 4.19.1.1 to address this issue. Users on older versions of CloudStack considering an upgrade can skip version 4.19.1.0 and upgrade directly to 4.19.1.1.
Exploit
Fix
Information Disclosure
Affected Products
Apache Cloudstack