Apache CloudStack Privilege Escalation Vulnerability Allowing Domain Admins to Access Admin API Keys

Vulnerability

A privilege escalation vulnerability exists in Apache CloudStack versions 4.10.0.0 prior to 4.20.0.0. A malicious Domain Admin user in the ROOT domain can access the API key and secret key of Admin-role user accounts within the same domain. With those keys the attacker can impersonate the higher-privileged users and call sensitive APIs and reach resources they are not entitled to, potentially compromising the integrity and confidentiality of resources, leading to data loss, and causing denial-of-service conditions on CloudStack-managed infrastructure.

Impact

Exploitation allows a Domain Admin to impersonate an Admin user, accessing sensitive APIs and resources, which could compromise resource integrity and confidentiality, cause data loss, and disrupt the availability of CloudStack-managed infrastructure.

Remediation

Users are advised to upgrade to Apache CloudStack versions 4.19.3.0 or 4.20.1.0, both of which address this vulnerability. Instructions for upgrading and downloading these versions are available on the Apache CloudStack website.
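A small inventory check a defender can run against the version strings of their management servers, added here as an illustration and not code from the Apache CloudStack project. It encodes exactly the ranges this advisory states (affected from 4.10.0.0 up to but not including 4.20.0.0; fixed in 4.19.3.0 and 4.20.1.0) and treats a 4.19.x build at or above 4.19.3.0 as patched; the host names and version strings in the sample inventory are constructed.

```python
"""Flag Apache CloudStack versions that fall in the advisory's affected range.

Added example, not CloudStack project code. Ranges taken from the advisory text:
  affected:  4.10.0.0 <= version < 4.20.0.0
  fixed:     4.19.3.0 and 4.20.1.0
Interpretation (an assumption): inside the affected window, a build at or
above the 4.19.3.0 fix release is considered patched.
"""
import re

AFFECTED_START = (4, 10, 0, 0)
AFFECTED_END_EXCLUSIVE = (4, 20, 0, 0)
FIX_IN_WINDOW = (4, 19, 3, 0)           # fix release that lies inside the window
FIXED_RELEASES = ((4, 19, 3, 0), (4, 20, 1, 0))  # as listed in the advisory


def parse_version(text):
    """Turn '4.19.1.3' (or '4.19.1.3-SNAPSHOT') into a 4-tuple of ints, zero-padded."""
    m = re.match(r"\s*(\d+(?:\.\d+){0,3})", text)
    if not m:
        raise ValueError(f"unrecognised version string: {text!r}")
    parts = [int(p) for p in m.group(1).split(".")]
    return tuple(parts + [0] * (4 - len(parts)))


def is_affected(version_text):
    """True if the version is inside the advisory's affected window and below the 4.19.3.0 fix."""
    v = parse_version(version_text)
    if not (AFFECTED_START <= v < AFFECTED_END_EXCLUSIVE):
        return False
    return v < FIX_IN_WINDOW


def nearest_fixed_release(version_text):
    """Lowest advisory-listed fix release at or above the given version (dotted string)."""
    v = parse_version(version_text)
    for fixed in FIXED_RELEASES:
        if fixed >= v:
            return ".".join(str(n) for n in fixed)
    return ".".join(str(n) for n in FIXED_RELEASES[-1])


def triage(inventory):
    """Map host -> 'UPGRADE to X' or 'ok' for a dict of host -> version string."""
    result = {}
    for host, ver in inventory.items():
        if is_affected(ver):
            result[host] = f"UPGRADE to {nearest_fixed_release(ver)}"
        else:
            result[host] = "ok"
    return result


# Constructed sample inventory; host names and versions are not real deployments.
SAMPLE_INVENTORY = {
    "cs-mgmt-01.example": "4.18.1.0",
    "cs-mgmt-02.example": "4.19.3.0",
    "cs-mgmt-03.example": "4.20.1.0",
    "cs-mgmt-04.example": "4.9.3.0",
    "cs-mgmt-05.example": "4.19.2.0-SNAPSHOT",
}

if __name__ == "__main__":
    for host, status in triage(SAMPLE_INVENTORY).items():
        print(f"{host}: {SAMPLE_INVENTORY[host]} -> {status}")
```

Because the vulnerability exposes existing API and secret keys, a version upgrade alone does not invalidate keys that may already have been read; the check above only tells you which hosts still need the upgrade.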

Added: Jun 10, 2025, 11:19 PM
Updated: Jun 10, 2025, 11:19 PM

Vulnerability Rating

Custom Algorithm

spread: 6.2
impact: 7.5
exploitability: 5.2
remediation: 7.7
relevance: 0.2
threat: 0.0
urgency: 2.9
incentive: 1.7

Our algorithm analyzes dozens of metrics to generate these 8 key vulnerability categories, which are then combined to calculate the overall risk score.