Apache CloudStack Privilege Escalation Vulnerability Allowing Domain Admins to Reset Admin Passwords

Vulnerability

A privilege escalation vulnerability exists in Apache CloudStack versions 4.10.0.0 prior to 4.20.0.0. A malicious Domain Admin user in the ROOT domain can reset the passwords of user accounts that hold Admin roles. This lets the attacker take control of higher-privileged accounts, impersonate Admin users, and access sensitive APIs and resources, potentially compromising resource integrity and confidentiality and leading to data loss, denial of service, and availability issues in CloudStack-managed infrastructure.

Impact

Exploitation of this vulnerability allows a Domain Admin to reset Admin passwords, gain control over Admin accounts, and access sensitive APIs and resources, which could result in significant disruptions and data management issues within the CloudStack environment.

Remediation

Users are advised to upgrade to Apache CloudStack version 4.19.3.0 or 4.20.1.0, both of which address this vulnerability. Upgrade instructions and downloads for these versions are available on the Apache CloudStack website and its download page.
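An added helper (not part of this advisory or of the CloudStack project) for checking an inventory of CloudStack management servers against the version boundaries stated above. It assumes the affected range and fixed releases exactly as the advisory gives them, and treats a 4.19.x release at or past 4.19.3.0 as fixed even though it falls numerically inside the affected range.

```python
"""Affected-version check for the CloudStack Domain Admin password-reset flaw.
Boundaries are taken from the advisory text; no other source is assumed."""
from typing import Optional, Tuple

Version = Tuple[int, int, int, int]

# Quoted from the advisory: affected from 4.10.0.0 "prior to 4.20.0.0".
AFFECTED_FROM: Version = (4, 10, 0, 0)
AFFECTED_BEFORE: Version = (4, 20, 0, 0)
# Releases the advisory names as carrying the fix, one per release line.
FIXED_RELEASES = ((4, 19, 3, 0), (4, 20, 1, 0))


def parse_version(text: str) -> Version:
    """Parse a dotted CloudStack version such as '4.19.1.3' into a 4-tuple.

    Short forms like '4.19' are padded with zeros; extra components are dropped.
    """
    parts = text.strip().split(".")
    if not parts or not all(p.isdigit() for p in parts):
        raise ValueError(f"not a dotted numeric version: {text!r}")
    nums = [int(p) for p in parts][:4]
    nums += [0] * (4 - len(nums))
    return nums[0], nums[1], nums[2], nums[3]


def carries_fix(v: Version) -> bool:
    """True if v is on a release line (major.minor) at or past its fixed release."""
    return any(v[:2] == fixed[:2] and v >= fixed for fixed in FIXED_RELEASES)


def is_affected(text: str) -> bool:
    """True if the given version falls in the advisory's affected range
    and does not already carry the fix on its own release line."""
    v = parse_version(text)
    if carries_fix(v):
        return False
    return AFFECTED_FROM <= v < AFFECTED_BEFORE


def recommended_upgrade(text: str) -> Optional[str]:
    """Nearest fixed release for an affected version, or None if not affected.

    Stays on the 4.19 line where possible; everything else goes to 4.20.1.0.
    """
    v = parse_version(text)
    if not is_affected(text):
        return None
    target = FIXED_RELEASES[0] if v[:2] <= (4, 19) else FIXED_RELEASES[1]
    return ".".join(str(n) for n in target)
```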

Added: Jun 10, 2025, 11:20 PM
Updated: Jun 10, 2025, 11:20 PM

Vulnerability Rating

Custom Algorithm

spread: 6.2
impact: 7.5
exploitability: 5.2
remediation: 7.7
relevance: 0.2
threat: 0.0
urgency: 2.9
incentive: 1.7

Our algorithm analyzes dozens of metrics to generate these 8 key vulnerability categories, which are then combined to calculate the overall risk score.