Remote Key Exposure in Apache CloudStack by Apache
CVE-2014-9593

Currently unrated

Key Information:

Vendor: Apache
Status: Cloudstack
Vendor: CVE Published:; 15 January 2015

Summary

Earlier versions of Apache CloudStack prior to 4.3.2 and 4.4.2 allow remote attackers to retrieve sensitive private keys through the listSslCerts API call. This vulnerability could lead to unauthorized access and control over SSL certificates, compromising the security of cloud environments. It is crucial for users to upgrade to the corrected versions to mitigate potential risks associated with this vulnerability.

References

http://docs.cloudstack.apache.org/projects/cloudstack-rel...

x_refsource_CONFIRM

http://docs.cloudstack.apache.org/projects/cloudstack-rel...

x_refsource_CONFIRM

http://secunia.com/advisories/62216

third-party-advisoryx_refsource_SECUNIA

Timeline

Vulnerability Reserved
Oct 3, 2022
Vulnerability published
Jan 15, 2015