CVE-2024-42062

CVSS 3.1 Score 7.2 of 10 (high)

Details

Published Aug 7, 2024
Updated: Oct 11, 2024
CWE ID 863

Summary

CVE-2024-42062 is a vulnerability affecting Apache CloudStack versions 4.10.0 to 4.19.1.0. Due to an access permission validation issue, domain admin accounts can query all registered account-users' API keys and secrets. This allows an attacker with domain admin access to gain root admin and other-account privileges, potentially leading to resource compromise, data loss, denial of service, and availability issues. To mitigate this risk, users should upgrade to CloudStack versions 4.18.2.3 or 4.19.1.1, and regenerate all account-user API and secret keys.

Ligh bulbPrevent cyber attacks with Recorded Future by prioritizing and patching critical vulnerabilities being exploited by threat actors targeting your industry. Book your demo to learn more.

Share

Affected Products

  • Apache CloudStack

Affected Vendors

  • Apache Software Foundation