Overview
- Description
- The CloudStack Quota feature allows cloud administrators to implement a quota or usage limit system for cloud resources, and is disabled by default. In environments where the feature is enabled, due to missing access check enforcements, non-administrative CloudStack user accounts are able to access and modify quota-related configurations and data. This issue affects Apache CloudStack from 4.7.0 through 4.18.2.3; and from 4.19.0.0 through 4.19.1.1, where the Quota feature is enabled. Users are recommended to upgrade to Apache CloudStack 4.18.2.4 or 4.19.1.2, or later, which addresses this issue. Alternatively, users that do not use the Quota feature are advised to disabled the plugin by setting the global setting "quota.enable.service" to "false".
- Source
- security@apache.org
- NVD status
- Analyzed
Risk scores
CVSS 3.1
- Type
- Primary
- Base score
- 6.3
- Impact score
- 3.4
- Exploitability score
- 2.8
- Vector string
- CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:L/I:L/A:L
- Severity
- MEDIUM
Social media
- Hype score
- Not currently trending
The Apache CloudStack project has announced an advisory against CVE-2024-45219 (severity ‘Important’), CVE-2024-45461 (severity ‘Moderate’), CVE-2024-45462 (severity ‘Moderate’) and CVE-2024-45693 (severity ‘Important’). Read our blog to learn more: https://t.co/6jOZHaeBTI
@shapeblue
175 Impressions
4 Retweets
3 Likes
0 Bookmarks
0 Replies
1 Quote
CVE-2024-45461 The CloudStack Quota feature allows cloud administrators to implement a quota or usage limit system for cloud resources, and is disabled by default. In environments w… https://t.co/voy1YAPxgL
@CVEnew
383 Impressions
0 Retweets
0 Likes
0 Bookmarks
0 Replies
0 Quotes
⚠️⚠️ Apache CloudStack Patches Critical Security Flaws in Latest Release CVE-2024-45219,CVE-2024-45693,CVE-2024-45461 and CVE-2024-45462 Strongly recommends that users upgrade to versions 4.18.2.4 or 4.19.1.2 🎯1k+ Results are found on the https://t.co/pb16tGYaKe nearly year.… h
@fofabot
696 Impressions
0 Retweets
6 Likes
2 Bookmarks
0 Replies
0 Quotes
Configurations
[
{
"nodes": [
{
"negate": false,
"cpeMatch": [
{
"criteria": "cpe:2.3:a:apache:cloudstack:*:*:*:*:*:*:*:*",
"vulnerable": true,
"matchCriteriaId": "E0AC5324-15B3-4E0F-AC67-84C754F9337C",
"versionEndExcluding": "4.18.2.4",
"versionStartIncluding": "4.7.0"
},
{
"criteria": "cpe:2.3:a:apache:cloudstack:*:*:*:*:*:*:*:*",
"vulnerable": true,
"matchCriteriaId": "6B851F50-43E1-4DD1-989E-94676D12EC33",
"versionEndExcluding": "4.19.1.2",
"versionStartIncluding": "4.19.0.0"
}
],
"operator": "OR"
}
]
}
]