Apache Cloudstack
Monthly
Authenticated CloudStack users can hijack volumes from other tenants' backups via the Backup plugin in versions 4.21.0.0 and 4.22.0.0. Attackers with low-privileged authenticated access can restore any user's backup volume and attach it to their own VMs, enabling complete data theft across tenant boundaries in multi-tenant environments. CVSS 8.1 reflects high confidentiality and integrity impact with low attack complexity. EPSS score of 0.01% indicates minimal observed exploitation activity, while SSVC assessment confirms non-automatable, partial technical impact with no known exploitation. Apache released patch version 4.22.0.1 addressing the access control flaw.
Improper access control in the CloudStack Backup plugin allows authenticated users in CloudStack 4.21.0.0 through 4.22.0.0 to create new virtual machines using backups belonging to other users, enabling unauthorized data access and VM provisioning. The vulnerability requires valid CloudStack credentials and access to specific backup-related APIs but carries elevated risk in multi-tenant environments. Vendor-released patch available in CloudStack 4.22.0.1.
Improper authorization logic in the CloudStack Backup plugin allows authenticated users to enumerate backups from any account in the environment across versions 4.21.0.0 through 4.22.0.0. An attacker with valid user credentials can exploit this to gain unauthorized visibility into backup metadata and existence across all accounts, though backup contents remain protected. The vulnerability requires the Backup plugin to be enabled and affects multi-tenant CloudStack environments where account isolation is a critical security boundary.
Authenticated CloudStack users can hijack volumes from other tenants' backups via the Backup plugin in versions 4.21.0.0 and 4.22.0.0. Attackers with low-privileged authenticated access can restore any user's backup volume and attach it to their own VMs, enabling complete data theft across tenant boundaries in multi-tenant environments. CVSS 8.1 reflects high confidentiality and integrity impact with low attack complexity. EPSS score of 0.01% indicates minimal observed exploitation activity, while SSVC assessment confirms non-automatable, partial technical impact with no known exploitation. Apache released patch version 4.22.0.1 addressing the access control flaw.
Improper access control in the CloudStack Backup plugin allows authenticated users in CloudStack 4.21.0.0 through 4.22.0.0 to create new virtual machines using backups belonging to other users, enabling unauthorized data access and VM provisioning. The vulnerability requires valid CloudStack credentials and access to specific backup-related APIs but carries elevated risk in multi-tenant environments. Vendor-released patch available in CloudStack 4.22.0.1.
Improper authorization logic in the CloudStack Backup plugin allows authenticated users to enumerate backups from any account in the environment across versions 4.21.0.0 through 4.22.0.0. An attacker with valid user credentials can exploit this to gain unauthorized visibility into backup metadata and existence across all accounts, though backup contents remain protected. The vulnerability requires the Backup plugin to be enabled and affects multi-tenant CloudStack environments where account isolation is a critical security boundary.