The CloudStack PMC was notified of two issues found in Apache CloudStack versions prior to 4.0.2. An attacker with knowledge of CloudStack source code could gain unauthorized access to the console of another tenant's VM. Insecure hash values may lead to information disclosure. URLs generated by Apache CloudStack to provide console access to virtual machines contained a hash of a predictable sequence, the hash of which was generated with a weak algorithm. While not easy to leverage, this may allow a malicious user to gain unauthorized console access.
474f68a5ee05a485465b64d23eff7bcb693b5ef180963131a4b12caf5a15bc42
© 2024 Packet Storm. All rights reserved.
%7Cutmcsr%3D(direct)%7Cutmcmd%3D(none)){kind=small}
Follow us on Twitter
Follow us on Facebook
Subscribe to an RSS Feed