Information disclosure in Apache Cloudstack
CVE-2014-9593
Apache CloudStack before 4.3.2 and 4.4.x before 4.4.2 allows remote attackers to obtain private keys via a listSslCerts API call.
Vulnerability class: Information Disclosure
EPSS: 0.027 (86.2th percentile) — read the EPSS interpretation.
Affected products
- Apache Cloudstack — versions 4.4.0, 4.4.1
- N/a — versions n/a
Weakness classification (CWE)
References
- cve@mitre.org (x_refsource_CONFIRM, Vendor Advisory)
- cve@mitre.org (x_refsource_CONFIRM, Vendor Advisory)
- 62216 (x_refsource_SECUNIA, third-party-advisory)
- cve@mitre.org (x_refsource_CONFIRM, Vendor Advisory)