-----BEGIN PGP SIGNED MESSAGE----- Hash: SHA512 CVE-2015-3251: Apache CloudStack VM Credential Exposure CVSS v2: 6.0 (AV:N/AC:M/Au:S/C:P/I:P/A:P) Vendors: The Apache Software Foundation Citrix, Inc. Versions Afffected: Apache CloudStack 4.4.4, 4.5.1 Description: Apache CloudStack provides an API for managing network, compute, storage, and user aspects of a CloudStack cloud. Under certain circumstances, the results of certain API calls may expose the root password for a virtual machine related to an API call. This exposure only happens when the API calls of concern are authenticated with CloudStack's "root" or "domain administrator" level users. Mitigation: Users of Apache CloudStack should update to at least 4.5.2 or 4.6.0. Additionally ensure non-administrative users do not have root or domain-administrator level accounts. -----BEGIN PGP SIGNATURE----- Version: GnuPG v1 Comment: GPGTools - http://gpgtools.org iQIcBAEBCgAGBQJWs/YVAAoJELAo8zo1KBbt+wwP/37SL6e157Hil+unxdV2eqIv swtRKbEAn6EHRU8xbN+nX/CqbRoonNY8xRAh2R3t6qMjvQwma+fNjKYrQRY476Vr m4pib/zBf10/lvb2oLppMPMDuAA0ri24UCD/iGS+9aRq72nphDudgxAHHySo9xki MyJM7Pih+2DkBAbBkQfgxq3juIIc6kgTfdQnKDTrCAMqrD5hSAEjWkfdoKdaRBwn iMnueNcu0TAyUFpFKz/mbKX4K1ZN7CKykhWGzZI3CO5Cze9u7HfbuqI4Dh2YOWIR 94dQHcGUEAg6d4laL/R0k2PsWSKAjhlwrATC7Th1+N4JR67SxskM9zNDpi7qU7zp DKqXHbgJ32KH1V0jD/aoGFEgsusUzuJ9yNRX3Mr4TVyfPmTzN1w/NtKl/tqJidba Mxv8KJFTtOY5OnuD01tnoLIUPXxQcw6uS0Zoqg8ns0TqkdTCW5BmnhLfNfIb9dlp /zYNl/wFKGv68x6YZmWme6bXNg7l1KKYnK0Yb6Po7JX6k94/vAsMTsPkgdGjTq7L HqdnwvAAiqEloWZe8trrzMqSRdr6TKhSTWqN3yWaMqQEml/VakCDYGrdd+rDdp/P ++zqLsDUXTaTsipYM/e/oipRtRcHa/TXxERMcH0S4R2rId2mk6X2fyHGoar7p/oG /Ef3ZKcqB6rxdzKYLEV7 =t8DZ -----END PGP SIGNATURE-----