Apache CloudStack User Key Exposure and Unauthorized Network Access Vulnerabilities (CVE-2024-42062/42222)

From this webpage screenshot, the following key information about the vulnerabilities can be obtained: 1. Vulnerability IDs and Descriptions: - CVE-2024-42062: User keys exposed to domain administrators. - CVE-2024-42222: Unauthorized access to network list. 2. Impact of Vulnerabilities: - Exposure of user keys to domain administrators may lead to issues affecting resource integrity, confidentiality, data loss, denial of service, and availability of cloud stack management infrastructure. - Unauthorized access to network list may result in unauthorized access to network details, configurations, and data. 3. Affected Versions: - CVE-2024-42062: Affects Apache CloudStack 4.10.0 to 4.18.2.2 and 4.19.0.0 to 4.19.1.0. - CVE-2024-42222: Affects Apache CloudStack 4.19.1.0. 4. Remediation: - Users are advised to upgrade to version 4.18.2.3, 4.19.1.3, or later to resolve these issues. - Users on versions prior to 4.19.1.0 should avoid upgrading to 4.19.1.0. - To maintain environment security, users are recommended to regenerate all existing user keys. 5. Downloads and Documentation: - Official source code can be downloaded from the project's download page. - Release notes for 4.18.2.3 and 4.19.1.1 are available at: - 4.18.2.3 - 4.19.1.1 6. Contributor-Released Packages: - In addition to official source code releases, individual contributors have released packages for various operating systems, available at: - el/7 - el/8 - el/9 - suse/15 - ubuntu/dists - shapeblue.com

Goal Reached Thanks to every supporter — we hit 100%!

Apache CloudStack User Key Exposure and Unauthorized Network Access Vulnerabilities (CVE-2024-42062/42222)

More from this source