Apache CloudStack Backup Plugin Improper Access Vulnerability Allowing Unauthorized Volume Restoration and Attachment

Vulnerability

A vulnerability in the Apache CloudStack Backup plugin, present in versions 4.21.0.0 and 4.22.0.0, allows any authenticated user to improperly access and restore volumes from other users' backups. The restored volume can then be attached to the user's own virtual machines. The issue arises from flawed access-control logic in the Backup plugin and only affects CloudStack environments in which that plugin is enabled.
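The defect class described above is an authorization check applied to the wrong object: the caller's rights on the target VM are verified, but not their rights on the backup being restored. The following is an added illustration of that pattern and its fix, written as a constructed Python model for this page; it is not code from Apache CloudStack's Backup plugin, and every class, method and identifier in it (BackupService, restore_and_attach_vulnerable, restore_and_attach_fixed, the sample accounts and IDs) is an assumption made for the example.

```python
"""Constructed model of a backup-restore authorization defect: the flawed
path checks the caller against the target VM only, the hardened path checks
the caller against both the backup and the VM before doing any work.
Illustrative code only; not Apache CloudStack's implementation."""
from dataclasses import dataclass, field


class PermissionDenied(Exception):
    """Raised when the caller is not authorized for the requested objects."""


@dataclass(frozen=True)
class Backup:
    backup_id: str
    owner: str            # account that created the backup (assumed field)
    volume_bytes: bytes   # constructed stand-in for the backed-up volume image


@dataclass
class VirtualMachine:
    vm_id: str
    owner: str
    attached: list = field(default_factory=list)  # ids of attached volumes


@dataclass
class BackupService:
    backups: dict  # backup_id -> Backup
    vms: dict      # vm_id -> VirtualMachine

    def restore_and_attach_vulnerable(self, caller, backup_id, vm_id):
        """Flawed logic: only the VM is authorized against the caller, so any
        authenticated account can restore another account's backup onto a VM
        it owns."""
        vm = self.vms[vm_id]
        if vm.owner != caller:
            raise PermissionDenied("caller does not own the target VM")
        backup = self.backups[backup_id]   # no ownership check on the backup
        return self._attach(backup, vm)

    def restore_and_attach_fixed(self, caller, backup_id, vm_id):
        """Hardened logic: authorize the caller on both the backup and the VM
        before any restore work happens. Missing objects are denied with the
        same error as foreign ones, so IDs cannot be enumerated by response."""
        backup = self.backups.get(backup_id)
        vm = self.vms.get(vm_id)
        if backup is None or backup.owner != caller:
            raise PermissionDenied("caller does not own the backup")
        if vm is None or vm.owner != caller:
            raise PermissionDenied("caller does not own the target VM")
        return self._attach(backup, vm)

    def _attach(self, backup, vm):
        """Simulate restoring the backup to a new volume and attaching it."""
        volume_id = f"vol-from-{backup.backup_id}"
        vm.attached.append(volume_id)
        return volume_id


def build_demo():
    """Constructed sample state: alice owns a backup, bob owns a VM."""
    backups = {"bk-alice": Backup("bk-alice", "alice", b"alice-data")}
    vms = {"vm-bob": VirtualMachine("vm-bob", "bob"),
           "vm-alice": VirtualMachine("vm-alice", "alice")}
    return BackupService(backups, vms)


def demo():
    """Return (volume leaked by the flawed path, whether the fixed path denied
    the same cross-account request, whether the owner can still restore)."""
    svc = build_demo()
    leaked = svc.restore_and_attach_vulnerable("bob", "bk-alice", "vm-bob")
    try:
        svc.restore_and_attach_fixed("bob", "bk-alice", "vm-bob")
        denied = False
    except PermissionDenied:
        denied = True
    own_ok = svc.restore_and_attach_fixed("alice", "bk-alice", "vm-alice")
    return leaked, denied, own_ok


if __name__ == "__main__":
    print(demo())
```

The point to carry over to a real review of such a plugin is that every object named in the request (the backup, the VM, and any volume created from the backup) needs its own ownership or domain check against the caller, not just the one the operation writes to.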

Impact

Exploitation of this vulnerability allows an authenticated user to access, restore, and attach volumes from other users' backups to their own virtual machines, potentially exposing other tenants' data or allowing misuse of their resources.

Remediation

Users are advised to upgrade to Apache CloudStack version 4.22.0.1 or later, which addresses this vulnerability.

Added: May 8, 2026, 1:43 PM
Updated: May 8, 2026, 1:43 PM

Vulnerability Rating

Custom Algorithm

spread: 6.2
impact: 3.1
exploitability: 5.2
remediation: 8.3
relevance: 7.8
threat: 0.0
urgency: 2.9
incentive: 0.0

Our algorithm analyzes dozens of metrics to generate these 8 key vulnerability categories, which are then combined to calculate the overall risk score.