Information Disclosure Vulnerability in CloudStack by Apache and Citrix
CVE-2012-5616

Currently unrated

Key Information:

Vendor

Citrix

CVE Published:
22 January 2013

What is CVE-2012-5616?

An information disclosure vulnerability exists in Apache CloudStack and Citrix CloudPlatform, where sensitive information such as SSH private keys and passwords for hosts and VMs can be accessed by local users. This occurs due to the improper storage of crucial data in the log4j.conf file, which may allow unauthorized access to sensitive details through various APIs, including createSSHKeyPair, AddHost, DeployVM, and ResetPasswordForVM.
