Information Disclosure Vulnerability in CloudStack by Apache and Citrix
CVE-2012-5616
Currently unrated
Summary
An information disclosure vulnerability exists in Apache CloudStack and Citrix CloudPlatform that lets local users access sensitive information such as SSH private keys and passwords for hosts and VMs. The cause is improper storage of this data in the log4j.conf file, which may allow unauthorized access to sensitive details handled by various APIs, including createSSHKeyPair, AddHost, DeployVM, and ResetPasswordForVM.
References
Timeline
Vulnerability published
Vulnerability Reserved