Information Disclosure Vulnerability in CloudStack by Apache and Citrix
CVE-2012-5616

Currently unrated

Key Information:

Vendor: Citrix
CVE Published: 22 January 2013

Summary

An information disclosure vulnerability exists in Apache CloudStack and Citrix CloudPlatform, where local users can access sensitive information such as SSH private keys and passwords for hosts and VMs. The products store this data in the log4j.conf file, which may allow unauthorized access to sensitive details handled by several APIs, including createSSHKeyPair, AddHost, DeployVM, and ResetPasswordForVM.
