Apache CloudStack 4.0.0 before 4.0.2 and Citrix CloudPlatform (formerly Citrix CloudStack) 3.0.x before 3.0.6 Patch C allows remote attackers to bypass the console proxy authentication by leveraging knowledge of the source code.
When an actor claims to have a given identity, the software does not prove or insufficiently proves that the claim is correct.
Name | Vendor | Start Version | End Version |
---|---|---|---|
Cloudstack | Apache | 4.0.0 | 4.0.0 |
Cloudstack | Apache | 4.0.1 | 4.0.1 |
Cloudstack | Apache | 4.0.2 | 4.0.2 |
Cloudplatform | Citrix | 3.0 | 3.0 |
Cloudplatform | Citrix | 3.0.3 | 3.0.3 |
Cloudplatform | Citrix | 3.0.4 | 3.0.4 |
Cloudplatform | Citrix | 3.0.5 | 3.0.5 |
Cloudplatform | Citrix | 3.0.6 | 3.0.6 |