Apache CloudStack 4.0.0 before 4.0.2 and Citrix CloudPlatform (formerly Citrix CloudStack) 3.0.x before 3.0.6 Patch C allows remote attackers to bypass the console proxy authentication by leveraging knowledge of the source code.
When an actor claims to have a given identity, the product does not prove or insufficiently proves that the claim is correct.
Name | Vendor | Start Version | End Version |
---|---|---|---|
Cloudstack | Apache | 4.0.0-incubating (including) | 4.0.0-incubating (including) |
Cloudstack | Apache | 4.0.1 (including) | 4.0.1 (including) |
Cloudstack | Apache | 4.0.2 (including) | 4.0.2 (including) |
Cloudplatform | Citrix | 3.0 (including) | 3.0 (including) |
Cloudplatform | Citrix | 3.0.3 (including) | 3.0.3 (including) |
Cloudplatform | Citrix | 3.0.4 (including) | 3.0.4 (including) |
Cloudplatform | Citrix | 3.0.5 (including) | 3.0.5 (including) |
Cloudplatform | Citrix | 3.0.6 (including) | 3.0.6 (including) |