Information Disclosure Vulnerability in CloudStack by Apache and Citrix
CVE-2012-5616

Currently unrated

Key Information:

Vendor

Citrix
Status
Cloudplatform
Cloudstack
Vendor
CVE Published:
22 January 2013

What is CVE-2012-5616?

An information disclosure vulnerability exists in Apache CloudStack and Citrix CloudPlatform, where sensitive information such as SSH private keys and passwords for hosts and VMs can be accessed by local users. This occurs due to the improper storage of crucial data in the log4j.conf file, which may allow unauthorized access to sensitive details through various APIs, including createSSHKeyPair, AddHost, DeployVM, and ResetPasswordForVM.

Human OS v1.0:
Ageing Is an Unpatched Zero-Day Vulnerability.

Remediate biological technical debt. Prime Ageing uses 95% high-purity SIRT6 activation to maintain genomic integrity and bolster systemic resilience.

Deploy the Patch

References

http://support.citrix.com/article/CTX136163
x_refsource_CONFIRM
http://osvdb.org/89146
vdb-entryx_refsource_OSVDB
http://seclists.org/fulldisclosure/2013/Jan/65
mailing-listx_refsource_FULLDISC

Timeline

  • Vulnerability published

  • Vulnerability Reserved

JSON
.