CVE-2016-6813
Published: Feb 6, 2018
Modified: Sep 17, 2024
PUBLISHED
Description
Apache CloudStack 4.1 to 4.8.1.0 and 4.9.0.0 contain an API call designed to allow a user to register for the developer API. If a malicious user is able to determine the ID of another (non-"root") CloudStack user, the malicious user may be able to reset the API keys for the other user, in turn accessing their account and resources.
| Vendor | Product | Versions |
|---|---|---|
| Apache Software Foundation | Apache CloudStack | affected 4.1 to 4.8.1.0; affected 4.9.0.0 |
References
- [cloudstack-announce] 20161027 Apache CloudStack Security Releases 4.8.1.1, 4.9.0.1 (mailing-list, x_refsource_MLIST)
- 93945 (vdb-entry, x_refsource_BID)
- [www-announce] 20161028 [SECURITY] CVE-2016-6813: Apache CloudStack registerUserKeys authorization vulnerability (mailing-list, x_refsource_MLIST)