Primary

Context

Apache CloudStack Backup Plugin Improper Authorization Vulnerability

Vulnerability

Patched

A vulnerability exists in the CloudStack Backup plugin in Apache CloudStack versions 4.21.0.0 and 4.22.0.0, due to improper authorization logic. In environments where this plugin is enabled, authenticated users can access specific APIs to list backups from any account. However, this vulnerability does not allow access to the contents of the backups.

Impact

Exploitation of this vulnerability allows unauthorized access to backup lists from other accounts, potentially leading to misuse of backup data.

Remediation

Users are advised to upgrade to Apache CloudStack version 4.22.0.1 or later, which addresses this vulnerability.

Added: May 8, 2026, 1:33 PM

Updated: May 8, 2026, 1:33 PM

Vulnerability Rating

Custom Algorithm

spread

6.2

impact

1.3

exploitability

5.2

remediation

7.9

relevance

7.8

threat

0.0

urgency

2.9

incentive

0.0

Our algorithm analyzes dozens of metrics to generate these 8 key vulnerability categories, which are then combined to calculate the overall risk score.

Vulnerability Rating

Custom Algorithm

spread

6.2

impact

1.3

exploitability

5.2

remediation

7.9

relevance

7.8

threat

0.0

urgency

2.9

incentive

0.0

Our algorithm analyzes dozens of metrics to generate these 8 key vulnerability categories, which are then combined to calculate the overall risk score.

Apache CloudStack Backup Plugin Improper Authorization Vulnerability

Vulnerability

Impact

Remediation

Affected Products

Apache CloudStack

CVSS Scores

References

Vulnerability Rating

Vulnerability Rating