Apache CloudStack Access Validation Vulnerability Allowing Unauthorized Annotation Management

Vulnerability

An access validation vulnerability has been identified in Apache CloudStack versions 4.16.0 and later. It allows users who know a resource's UUID to list and add comments (annotations) on resources they are not authorized to access. The issue could lead to a loss of confidentiality if annotations contain privileged information, but the overall impact is considered very low. As a temporary measure, CloudStack administrators can restrict access to the annotation management APIs for non-admin roles.

Impact

Exploitation of this vulnerability could result in unauthorized reading or modification of annotations on CloudStack resources, potentially exposing confidential information if annotations contain sensitive data.

Remediation

CloudStack administrators can disable the 'listAnnotations' and 'addAnnotation' API access for non-admin roles as a temporary measure.
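As an added example (not part of this advisory or of the CloudStack project's own tooling), the following Python builds signed createRolePermission requests that add a deny rule for the two APIs to every non-admin role, using CloudStack's documented API signing scheme. The endpoint, API keys and role records are constructed placeholders; the requests are only built, not sent.

```python
import base64
import hashlib
import hmac
import urllib.parse

# The two APIs named in the advisory's remediation section.
ANNOTATION_APIS = ("listAnnotations", "addAnnotation")


def canonical_query(params, api_key):
    """Add apiKey, sort keys case-insensitively, URL-encode values."""
    full = dict(params, apiKey=api_key)
    return "&".join(f"{k}={urllib.parse.quote(str(full[k]), safe='')}"
                    for k in sorted(full, key=str.lower))


def sign_request(base_url, params, api_key, secret_key):
    """CloudStack signature: HMAC-SHA1 over the lowercased query, base64, URL-encoded."""
    query = canonical_query(params, api_key)
    digest = hmac.new(secret_key.encode(), query.lower().encode(), hashlib.sha1).digest()
    signature = urllib.parse.quote(base64.b64encode(digest).decode(), safe="")
    return f"{base_url}?{query}&signature={signature}"


def non_admin_roles(roles):
    """Keep every role whose type is not the root-admin type 'Admin' (listRoles output).
    Whether DomainAdmin/ResourceAdmin roles also need the rule is a deployment decision."""
    return [r for r in roles if r.get("type") != "Admin"]


def deny_rule_params(role_id, api_name):
    return {"command": "createRolePermission", "roleid": role_id, "rule": api_name,
            "permission": "deny", "response": "json",
            "description": "temporary mitigation: restrict annotation APIs"}


def plan_deny_requests(base_url, roles, api_key, secret_key):
    """One signed createRolePermission URL per (non-admin role, annotation API) pair."""
    return [sign_request(base_url, deny_rule_params(r["id"], api), api_key, secret_key)
            for r in non_admin_roles(roles) for api in ANNOTATION_APIS]


if __name__ == "__main__":
    # Constructed sample: what listRoles might return, with placeholder ids and keys.
    sample_roles = [{"id": "role-root", "name": "Root Admin", "type": "Admin"},
                    {"id": "role-user", "name": "User", "type": "User"},
                    {"id": "role-domadm", "name": "Domain Admin", "type": "DomainAdmin"}]
    for url in plan_deny_requests("https://cloudstack.example/client/api",
                                  sample_roles, "PLACEHOLDER-APIKEY", "PLACEHOLDER-SECRET"):
        print(url)
```

Role permission rules are evaluated in order with the first match winning, and a newly created rule is appended after the existing ones, so check the result with listRolePermissions and move the deny rule above any broader allow rule (updateRolePermission) if one matches first.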

Added: Jun 9, 2025, 7:46 PM
Updated: Jun 9, 2025, 7:46 PM

Vulnerability Rating

Custom Algorithm
  spread          6.2
  impact          1.3
  exploitability  5.2
  remediation     8.3
  relevance       0.0
  threat          0.4
  urgency         2.9
  incentive       1.7

Our algorithm analyzes dozens of metrics to generate these 8 key vulnerability categories, which are then combined to calculate the overall risk score.