Product: Apache CloudStack
Vendor: The Apache Software Foundation
CVE References: CVE-2013-2756, CVE-2013-2758
Vulnerability Type(s): Authentication bypass (2756), cryptography (2758)
Vulnerable version(s): Apache CloudStack version 4.0.0-incubating and 4.0.1-incubating
Risk Level: High, Medium
CVSSv2 Base Scores: 7.3 (AV:N/AC:H/Au:N/CI:P/I:C/A:C), 4.3 (AV:A/AC:H/Au:N/CI:P/I:P/A:P)
Description:
The CloudStack PMC was notified of two issues found in Apache CloudStack:
1) An attacker with knowledge of CloudStack source code could gain
unauthorized access to the console of another tenant's VM.
2) Insecure hash values may lead to information disclosure. URLs
generated by Apache CloudStack to provide console access to virtual
machines contained a hash of a predictable sequence, the hash of
which was generated with a weak algorithm. While not easy to leverage,
this may allow a malicious user to gain unauthorized console access.
Mitigation:
Updating to Apache CloudStack versions 4.0.2 or higher will mitigate
these vulnerabilities.
Credit:
These issues were identified by Wolfram Schlich and Mathijs Schmittmann
to the Citrix security team, who in turn notified the Apache
CloudStack PMC.