Vulnerability Information
Although we use advanced large model technology, its output may still contain inaccurate or outdated information.Shenlong tries to ensure data accuracy, but please verify and judge based on the actual situation.
Vulnerability Title
N/A
Vulnerability Description
Apache CloudStack 4.0.0-incubating and Citrix CloudPlatform (formerly Citrix CloudStack) before 3.0.6 stores sensitive information in the log4j.conf log file, which allows local users to obtain (1) the SSH private key as recorded by the createSSHKeyPair API, (2) the password of an added host as recorded by the AddHost API, or the password of an added VM as recorded by the (3) DeployVM or (4) ResetPasswordForVM API.
CVSS Information
N/A
Vulnerability Type
N/A
Vulnerability Title
Apache CloudStack 本地信息泄露漏洞
Vulnerability Description
CloudStack是美国阿帕奇(Apache)软件基金会的一套开源的云计算软件。该软件可用于部署、管理、配置公共和私有云(IaaS)。 Apache CloudStack 4.0.0-incubating和Citrix CloudPlatform (formerly Citrix CloudStack) 3.0.6之前版本中存在漏洞,该漏洞源于log4j.conf日志文件中存储敏感信息。本地攻击者利用该漏洞获得(1)被createSSHKeyPair API记录的SSH私钥,(2)被AddHost AP
CVSS Information
N/A
Vulnerability Type
N/A