CVE-2024-42062
CVSS 3.1 Score 7.2 of 10 (high)
Details
Published Aug 7, 2024
Updated: Oct 11, 2024
CWE ID 863
Summary
CVE-2024-42062 is a vulnerability affecting Apache CloudStack versions 4.10.0 to 4.19.1.0. Due to an access permission validation issue, domain admin accounts can query all registered account-users' API keys and secrets. This allows an attacker with domain admin access to gain root admin and other-account privileges, potentially leading to resource compromise, data loss, denial of service, and availability issues. To mitigate this risk, users should upgrade to CloudStack versions 4.18.2.3 or 4.19.1.1, and regenerate all account-user API and secret keys.
Prevent cyber attacks with Recorded Future by prioritizing and patching critical vulnerabilities being exploited by threat actors targeting your industry. Book your demo to learn more.
Share
Affected Products
- Apache CloudStack
Affected Vendors
- Apache Software Foundation