CVE-2024-45461 – Apache CloudStack Quota plugin: Access checks not enforced in Quota

https://notcve.org/view.php?id=CVE-2024-45461

16 Oct 2024 — The CloudStack Quota feature allows cloud administrators to implement a quota or usage limit system for cloud resources, and is disabled by default. In environments where the feature is enabled, due to missing access check enforcements, non-administrative CloudStack user accounts are able to access and modify quota-related configurations and data. This issue affects Apache CloudStack from 4.7.0 through 4.18.2.3; and from 4.19.0.0 through 4.19.1.1, where the Quota feature is enabled. Users are recommended to... • https://cloudstack.apache.org/blog/security-release-advisory-4.18.2.4-4.19.1.2 • CWE-269: Improper Privilege Management CWE-862: Missing Authorization •