
Apache CloudStack

45 known vulnerabilities across versions
Vulnerabilities are listed by affected version range, newest first; each entry gives the CVE identifier, the range of affected versions in the form used below (for example ">= 4.21.0.0 and < 4.22.0.1"), a summary, and the severity score where one has been assigned.
CVE-2026-25199
>= 4.21.0.0 and < 4.22.0.1
Instances deployed via the Proxmox extension allow unauthorized access to instances belonging to other tenants. This issue aff
9.1 CRITICAL
CVE-2026-25077
>= 4.11.0.0 and < 4.20.3.0
Account users are allowed by default to register templates to be downloaded directly to the primary storage for deploying instance
8.8 HIGH
CVE-2025-69233
>= 4.0.0 and < 4.20.3.0
Due to multiple time-of-check time-of-use race conditions in the resource count check and increment logic, as well as missing vali
6.5 MEDIUM
CVE-2025-66467
>= 4.19.0.0 and < 4.20.3.0
Missing MinIO policy cleanup on bucket deletion via Apache CloudStack allows users to retain access to buckets which they previous
8.0 HIGH
CVE-2025-66172
>= 4.21.0.0 and < 4.22.0.1
The CloudStack Backup plugin has an improper access logic in versions 4.21.0.0 and 4.22.0.0. Anyone with authenticated user-accoun
8.1 HIGH
CVE-2025-66171
>= 4.21.0.0 and < 4.22.0.1
The CloudStack Backup plugin has an improper access logic in versions 4.21.0.0 and 4.22.0.0. Anyone with authenticated user-accoun
6.5 MEDIUM
CVE-2025-66170
>= 4.21.0.0 and < 4.22.0.1
The CloudStack Backup plugin has an improper authorization logic in versions 4.21.0.0 and 4.22.0.0. Anyone with authenticated user
6.5 MEDIUM
CVE-2025-59454
>= 4.0.0 and < 4.20.2.0
In Apache CloudStack, a gap in access control checks affected the APIs - createNetworkACL - listNetworkACLs - listResourceDetails
4.3 MEDIUM
CVE-2025-59302
>= 4.18.0.0 and < 4.20.2.0
In Apache CloudStack improper control of generation of code ('Code Injection') vulnerability is found in the following APIs which
4.7 MEDIUM
CVE-2025-30675
>= 4.0.0 and < 4.19.3.0
In Apache CloudStack, a flaw in access control affects the listTemplates and listIsos APIs. A malicious Domain Admin or Resource A
4.7 MEDIUM
CVE-2025-47849
>= 4.10.0.0 and < 4.19.3.0
A privilege escalation vulnerability exists in Apache CloudStack versions 4.10.0.0 through 4.20.0.0 where a malicious Domain Admin
8.8 HIGH
CVE-2025-47713
>= 4.10.0.0 and < 4.19.3.0
A privilege escalation vulnerability exists in Apache CloudStack versions 4.10.0.0 through 4.20.0.0 where a malicious Domain Admin
8.8 HIGH
CVE-2025-26521
>= 4.17.0.0 and < 4.19.3.0
When an Apache CloudStack user-account creates a CKS-based Kubernetes cluster in a project, the API key and the secret key of the
8.1 HIGH
CVE-2025-22829
all versions
The CloudStack Quota plugin has an improper privilege management logic in version 4.20.0.0. Anyone with authenticated user-account
4.3 MEDIUM
CVE-2025-22828
>= 4.16.0.0
CloudStack users can add and read comments (annotations) on resources they are authorised to access. Due to an access validatio
4.3 MEDIUM
CVE-2024-50386
>= 4.0.0 and < 4.18.2.5
Account users in Apache CloudStack by default are allowed to register templates to be downloaded directly to the primary storage f
8.5 HIGH
CVE-2024-45693
>= 4.15.1.0 and < 4.18.2.4
Users logged into the Apache CloudStack's web interface can be tricked to submit malicious CSRF requests due to missing validation
8.0 HIGH
CVE-2024-45462
>= 4.15.1.0 and < 4.18.2.4
The logout operation in the CloudStack web interface does not expire the user session completely which is valid until expiry by ti
6.3 MEDIUM
CVE-2024-45461
>= 4.7.0 and < 4.18.2.4
The CloudStack Quota feature allows cloud administrators to implement a quota or usage limit system for cloud resources, and is di
5.7 MEDIUM
CVE-2024-45219
>= 4.0.0 and < 4.18.2.4
Account users in Apache CloudStack by default are allowed to upload and register templates for deploying instances and volumes for
8.5 HIGH
CVE-2024-42222
all versions
In Apache CloudStack 4.19.1.0, a regression in the network listing API allows unauthorised list access of network details for doma
4.3 MEDIUM
CVE-2024-42062
>= 4.10.0.0 and < 4.18.2.3
CloudStack account-users by default use username and password based authentication for API and UI access. Account-users can gener
7.2 HIGH
CVE-2024-41107
>= 4.5.0 and < 4.18.2.2
The CloudStack SAML authentication (disabled by default) does not enforce signature check. In CloudStack environments where SAML a
8.1 HIGH
CVE-2024-39864
>= 4.0.0 and < 4.18.2.1
The CloudStack integration API service allows running its unauthenticated API server (usually on port 8096 when configured and ena
9.8 CRITICAL
CVE-2024-38346
>= 4.0.0 and < 4.18.2.1
The CloudStack cluster service runs on unauthenticated port (default 9090) that can be misused to run arbitrary commands on target
9.8 CRITICAL
CVE-2024-29008
>= 4.14.0.0 and < 4.18.1.1
A problem has been identified in the CloudStack additional VM configuration (extraconfig) feature which can be misused by anyone w
6.4 MEDIUM
CVE-2024-29007
>= 4.9.1.0 and < 4.18.1.1
The CloudStack management server and secondary storage VM could be tricked into making requests to restricted or random resources
7.3 HIGH
CVE-2024-29006
>= 4.11.0.0 and < 4.18.1.1
By default the CloudStack management server honours the x-forwarded-for HTTP header and logs it as the source IP of an API request
9.8 CRITICAL
CVE-2022-35741
>= 4.5.0 and < 4.16.1.1
Apache CloudStack version 4.5.0 and later has a SAML 2.0 authentication Service Provider plugin which is found to be vulnerable to
9.8 CRITICAL
CVE-2022-26779
< 4.16.1.0
Apache CloudStack prior to 4.16.1.0 used insecure random number generation for project invitation tokens. If a project invite is c
7.5 HIGH
CVE-2019-17562
< 4.13.1.0
A buffer overflow vulnerability has been found in the baremetal component of Apache CloudStack. This applies to all versions prior
9.8 CRITICAL
CVE-2016-6813
>= 4.1.0 and <= 4.8.1.0
Apache CloudStack 4.1 to 4.8.1.0 and 4.9.0.0 contain an API call designed to allow a user to register for the developer API. If a
9.8 CRITICAL
CVE-2013-4317
all versions
In Apache CloudStack 4.1.0 and 4.1.1, when calling the CloudStack API call listProjectAccounts as a regular, non-administrative us
4.3 MEDIUM
CVE-2016-3085
all versions
Apache CloudStack 4.5.x before 4.5.2.1, 4.6.x before 4.6.2.1, 4.7.x before 4.7.1.1, and 4.8.x before 4.8.0.1, when SAML-based auth
6.5 MEDIUM
CVE-2015-3252
<= 4.5.1
Apache CloudStack before 4.5.2 does not properly preserve VNC passwords when migrating KVM virtual machines, which allows remote a
9.8 CRITICAL
CVE-2015-3251
all versions
Apache CloudStack before 4.5.2 might allow remote authenticated administrators to obtain sensitive password information for root a
4.9 MEDIUM
CVE-2014-9593
<= 4.3.1
Apache CloudStack before 4.3.2 and 4.4.x before 4.4.2 allows remote attackers to obtain private keys via a listSslCerts API call.
CVE-2014-7807
all versions
Apache CloudStack 4.3.x before 4.3.2 and 4.4.x before 4.4.2 allows remote attackers to bypass authentication via a login request w
CVE-2013-2758
all versions
Apache CloudStack 4.0.0 before 4.0.2 and Citrix CloudPlatform (formerly Citrix CloudStack) 3.0.x before 3.0.6 Patch C uses a hash
CVE-2013-2756
all versions
Apache CloudStack 4.0.0 before 4.0.2 and Citrix CloudPlatform (formerly Citrix CloudStack) 3.0.x before 3.0.6 Patch C allows remot
CVE-2014-0031
<= 4.2.0
The (1) ListNetworkACL and (2) listNetworkACLLists APIs in Apache CloudStack before 4.2.1 allow remote authenticated users to list
CVE-2013-6398
<= 4.2.0
The virtual router in Apache CloudStack before 4.2.1 does not preserve the source restrictions in firewall rules after being resta
CVE-2013-2136
<= 4.1.0
Multiple cross-site scripting (XSS) vulnerabilities in Apache CloudStack before 4.1.1 allow remote attackers to inject arbitrary w
CVE-2012-5616
all versions
Apache CloudStack 4.0.0-incubating and Citrix CloudPlatform (formerly Citrix CloudStack) before 3.0.6 stores sensitive information
CVE-2012-4501
all versions
Citrix Cloud.com CloudStack, and Apache CloudStack pre-release, allows remote attackers to make arbitrary API calls by leveraging
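The practical question a CloudStack operator asks of a listing like this is "which of these entries apply to the version I am running?" The range notation used above (">= A and < B", "< B", "<= B", ">= A", "all versions") is simple enough to evaluate mechanically, but two details matter: CloudStack versions have up to four numeric components, so "4.5.1" must compare equal to "4.5.1.0", and an upper bound written "< 4.22.0.1" must exclude 4.22.0.1 itself (the fixed release). The following script is an added example, not part of this listing or of the Apache CloudStack project; the LISTING table copies a subset of the (CVE, range) pairs from the entries above, and the installed versions it is run against are constructed inputs.

```python
"""Match an installed Apache CloudStack version against the affected-version
ranges used in this listing: ">= A and < B", "< B", "<= B", ">= A", "all versions".

Added example; not code from the listing or from the CloudStack project.
"""
import re
from typing import Callable

# Constructed sample: a subset of the listing's (CVE, affected-range) pairs, copied verbatim.
LISTING = [
    ("CVE-2026-25199", ">= 4.21.0.0 and < 4.22.0.1"),
    ("CVE-2026-25077", ">= 4.11.0.0 and < 4.20.3.0"),
    ("CVE-2025-22829", "all versions"),
    ("CVE-2025-22828", ">= 4.16.0.0"),
    ("CVE-2024-39864", ">= 4.0.0 and < 4.18.2.1"),
    ("CVE-2022-26779", "< 4.16.1.0"),
    ("CVE-2015-3252", "<= 4.5.1"),
    ("CVE-2016-6813", ">= 4.1.0 and <= 4.8.1.0"),
]

# One comparison clause: an operator followed by a dotted numeric version.
_CLAUSE = re.compile(r"(>=|<=|<|>)\s*(\d+(?:\.\d+)*)")

_OPS: dict[str, Callable[[tuple, tuple], bool]] = {
    ">=": lambda v, b: v >= b,
    "<=": lambda v, b: v <= b,
    "<": lambda v, b: v < b,
    ">": lambda v, b: v > b,
}


def parse_version(s: str) -> tuple[int, ...]:
    """'4.5.1' -> (4, 5, 1, 0): right-pad to four components so that
    '4.5.1' and '4.5.1.0' compare equal, as CloudStack release numbering intends."""
    parts = [int(p) for p in s.strip().split(".")]
    if len(parts) > 4:
        raise ValueError(f"unsupported version string: {s!r}")
    return tuple(parts + [0] * (4 - len(parts)))


def parse_range(expr: str) -> Callable[[tuple[int, ...]], bool]:
    """Turn a range expression from the listing into a predicate over parsed versions.
    All clauses must hold (the listing joins bounds with 'and')."""
    expr = expr.strip()
    if expr == "all versions":
        return lambda v: True
    clauses = _CLAUSE.findall(expr)
    # Anything left over after removing the recognised clauses and the word 'and'
    # means the expression is malformed; fail loudly rather than silently match nothing.
    residue = _CLAUSE.sub("", expr).replace("and", "").strip()
    if not clauses or residue:
        raise ValueError(f"unsupported range expression: {expr!r}")
    bounds = [(_OPS[op], parse_version(ver)) for op, ver in clauses]
    return lambda v: all(cmp(v, bound) for cmp, bound in bounds)


def affected(installed: str, listing=LISTING) -> list[str]:
    """Return the CVE IDs from `listing` whose affected range contains `installed`,
    in listing order."""
    v = parse_version(installed)
    return [cve for cve, rng in listing if parse_range(rng)(v)]


if __name__ == "__main__":
    # Constructed installed versions, including the exact fixed release 4.22.0.1,
    # which must fall outside the "< 4.22.0.1" bound.
    for ver in ("4.5.1", "4.18.1.0", "4.22.0.1"):
        print(f"{ver:>10} -> {affected(ver)}")
```

The boundary behaviour is the part worth checking by hand: 4.21.0.0 satisfies ">= 4.21.0.0 and < 4.22.0.1" and so is flagged for CVE-2026-25199, while 4.22.0.1 is not; 4.5.1 is flagged for "<= 4.5.1" because it is padded to 4.5.1.0 before comparison. Entries marked "all versions" are reported for every input, which is the conservative reading of the listing's metadata and a reason to consult the full advisory rather than rely on the range column alone.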
threatengine.sh  ·  Open-source threat intelligence platform  ·  100+ authoritative sources  ·  Every fact traces to its origin