CVE-2024-42222

CVSS 3.1 Score 4.3 of 10 (medium)

Details

Published Aug 7, 2024

Updated: Aug 29, 2024

CWE ID 200

Summary

CVE-2024-42222 is a vulnerability affecting Apache CloudStack 4.19.1.0. A regression in the network listing API has been identified, granting unauthorized access to network details for both domain admin and normal user accounts. This issue undermines tenant isolation, potentially exposing network configurations and data to unauthorized access. To mitigate the risk, users should upgrade to version 4.19.1.1. Those on older versions considering an upgrade, can directly advance to 4.19.1.1, bypassing 4.19.1.0.

Prevent cyber attacks with Recorded Future by prioritizing and patching critical vulnerabilities being exploited by threat actors targeting your industry. Book your demo to learn more.

Apache CloudStack

Affected Vendors

Apache Software Foundation

Advisories, Assessments, and Mitigations

https://app.recordedfuture.com/live/sc/entity/xVa5iI
https://www.cve.org/CVERecord?id=CVE-2024-42222
https://nvd.nist.gov/vuln/detail/CVE-2024-42222

Back to Vulnerability Database