Логотип exploitDog
Консоль
Логотип exploitDog

exploitDog

nvd логотип

CVE-2025-59454

Опубликовано: 27 нояб. 2025
Источник: nvd
CVSS3: 4.3
EPSS Низкий

Описание

In Apache CloudStack, a gap in access control checks affected the APIs - createNetworkACL

  • listNetworkACLs
  • listResourceDetails
  • listVirtualMachinesUsageHistory
  • listVolumesUsageHistory

While these APIs were accessible only to authorized users, insufficient permission validation meant that users could occasionally access information beyond their intended scope.

Users are recommended to upgrade to Apache CloudStack 4.20.2.0 or 4.22.0.0, which fixes the issue.

Ссылки

Уязвимые конфигурации

Конфигурация 1

Одно из

cpe:2.3:a:apache:cloudstack:*:*:*:*:*:*:*:*
Версия от 4.0.0 (включая) до 4.20.2.0 (исключая)
cpe:2.3:a:apache:cloudstack:4.21.0.0:*:*:*:*:*:*:*

EPSS

Процентиль: 32%
0.00123
Низкий

4.3 Medium

CVSS3

Дефекты

CWE-200

Связанные уязвимости

github логотип

GHSA-g2p7-38hq-rvj6

CVSS3: 4.3
github
2 месяца назад

In Apache CloudStack, a gap in access control checks affected the APIs - createNetworkACL - listNetworkACLs - listResourceDetails - listVirtualMachinesUsageHistory - listVolumesUsageHistory While these APIs were accessible only to authorized users, insufficient permission validation meant that users could occasionally access information beyond their intended scope. Users are recommended to upgrade to Apache CloudStack 4.20.2.0 or 4.22.0.0, which fixes the issue.

EPSS

Процентиль: 32%
0.00123
Низкий

4.3 Medium

CVSS3

Дефекты

CWE-200