Apache CloudStack Access Control Vulnerability in listTemplates and listIsos APIs

Vulnerability

An access control vulnerability has been identified in Apache CloudStack, specifically in the listTemplates and listIsos APIs. This issue allows a malicious Domain Admin or Resource Admin to gain unauthorized visibility into templates and ISOs under the ROOT domain. By specifying the 'domainid' parameter along with 'filter=self' or 'filter=selfexecutable' values, the attacker can enumerate and extract metadata of templates and ISOs from unrelated domains, violating isolation boundaries and potentially exposing sensitive internal configuration details. This vulnerability affects Apache CloudStack versions 4.0.0 through 4.19.2.0 and 4.10.0.0 through 4.20.0.0.

Impact

Exploitation of this vulnerability allows for unauthorized access to and enumeration of templates and ISOs across different domains, potentially exposing sensitive metadata and internal configuration details.

Remediation

Users are advised to upgrade to Apache CloudStack versions 4.19.3.0 or 4.20.1.0, both of which address this vulnerability. Instructions for upgrading are available in the release notes for these versions.
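Two defender-side checks that follow from the advisory text, as an added example (this is not code from the advisory or from the Apache CloudStack project): a version check against the affected and fixed versions named above, and a detection pass over API access log lines that flags listTemplates/listIsos calls carrying a `domainid` parameter together with `filter=self` or `filter=selfexecutable` from an account outside the ROOT domain. The log line format, the account/domain field names and the sample entries are constructed for this example; CloudStack's real API log layout differs, so the regular expression would need to be adapted to it.

```python
"""
Added example for the CloudStack listTemplates/listIsos access-control advisory.

Assumptions (constructed for this example, not taken from the advisory):
  * The log line layout matched by LOG_RE is invented here; adapt it to the
    real CloudStack API access log before use.
  * Account domain paths are written as "ROOT" or "ROOT/<child>".
"""
import re
from typing import Iterable, List, Tuple

# Affected and fixed versions exactly as stated in the advisory text.
AFFECTED_RANGES = [((4, 0, 0, 0), (4, 19, 2, 0)), ((4, 10, 0, 0), (4, 20, 0, 0))]
FIXED_VERSIONS = [(4, 19, 3, 0), (4, 20, 1, 0)]

def parse_version(v: str) -> Tuple[int, int, int, int]:
    """Turn '4.19.2' or '4.19.2.0' into a 4-tuple so versions compare lexically."""
    parts = [int(p) for p in v.split(".")]
    while len(parts) < 4:
        parts.append(0)
    return tuple(parts[:4])  # type: ignore[return-value]

def is_affected(version: str) -> bool:
    """True when the version falls in an affected range and is below the fix
    for its 4.x line. The fixed-version rule takes precedence because the
    advisory's second range (4.10.0.0 through 4.20.0.0) literally covers
    4.19.3.0, which the advisory names as a fixed release."""
    ver = parse_version(version)
    for fixed in FIXED_VERSIONS:
        if ver[:2] == fixed[:2] and ver >= fixed:
            return False
    return any(lo <= ver <= hi for lo, hi in AFFECTED_RANGES)

# Constructed log layout (assumption): one API call per line.
LOG_RE = re.compile(
    r"account=(?P<account>\S+)\s+domain=(?P<domain>\S+)\s+"
    r"command=(?P<cmd>\w+)\s+params=(?P<params>\S*)"
)
SENSITIVE_CMDS = {"listTemplates", "listIsos"}
SENSITIVE_FILTERS = {"self", "selfexecutable"}

def flag_cross_domain_listing(lines: Iterable[str]) -> List[Tuple[str, str, str, str]]:
    """Return (account, domain, command, domainid) for every listTemplates/listIsos
    call that combines domainid with filter=self/selfexecutable and comes from
    an account outside ROOT. ROOT-domain accounts are skipped because ROOT
    admins are expected to see every domain's templates anyway."""
    hits = []
    for line in lines:
        m = LOG_RE.search(line)
        if not m or m["cmd"] not in SENSITIVE_CMDS:
            continue
        params = dict(kv.split("=", 1) for kv in m["params"].split("&") if "=" in kv)
        if "domainid" not in params or params.get("filter") not in SENSITIVE_FILTERS:
            continue
        if m["domain"] == "ROOT":
            continue
        hits.append((m["account"], m["domain"], m["cmd"], params["domainid"]))
    return hits

# Constructed sample log lines (not real CloudStack output).
SAMPLE_LOG = [
    "2025-09-01T10:00:01Z account=alice domain=ROOT/acme command=listTemplates params=domainid=1&filter=self",
    "2025-09-01T10:00:02Z account=bob domain=ROOT/acme command=listTemplates params=filter=self",
    "2025-09-01T10:00:03Z account=root domain=ROOT command=listIsos params=domainid=1&filter=selfexecutable",
    "2025-09-01T10:00:04Z account=carol domain=ROOT/beta command=listIsos params=domainid=1&filter=selfexecutable",
    "2025-09-01T10:00:05Z account=dave domain=ROOT/beta command=listVirtualMachines params=domainid=1",
]

if __name__ == "__main__":
    for v in ("4.19.2.0", "4.19.3.0", "4.20.0.0", "4.20.1.0"):
        print(v, "affected" if is_affected(v) else "fixed/not affected")
    for hit in flag_cross_domain_listing(SAMPLE_LOG):
        print("cross-domain listing attempt:", hit)
```

Only the first and fourth sample lines are reported: the second lacks `domainid`, the third comes from a ROOT-domain account, and the fifth is a different API. On a patched system these calls should be rejected, so a non-empty result from the log check on an unpatched system is a reason to prioritise the upgrade named above.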

Added: Sep 1, 2025, 7:22 PM
Updated: Sep 1, 2025, 7:22 PM

Vulnerability Rating

Custom Algorithm

  spread          6.2
  impact          2.5
  exploitability  4.8
  remediation     7.7
  relevance       0.2
  threat          0.0
  urgency         2.9
  incentive       1.7

Our algorithm analyzes dozens of metrics to generate these 8 key vulnerability categories, which are then combined to calculate the overall risk score.