CVE-2012-5616

Apache CloudStack 4.0.0-incubating Information Disclosure

Severity Score

5.5

*CVSS v3

Exploit Likelihood

*EPSS

Affected Versions

*CPE

Public Exploits

*Multiple Sources

Exploited in Wild

*KEV

Decision

*SSVC

Descriptions

Apache CloudStack 4.0.0-incubating and Citrix CloudPlatform (formerly Citrix CloudStack) before 3.0.6 stores sensitive information in the log4j.conf log file, which allows local users to obtain (1) the SSH private key as recorded by the createSSHKeyPair API, (2) the password of an added host as recorded by the AddHost API, or the password of an added VM as recorded by the (3) DeployVM or (4) ResetPasswordForVM API.

CloudStack Apache v4.0.0-incubación y Citrix CloudPlatform (anteriormente Citrix CloudStack ) anterior a v3.0.6 almacena información sensible en el archivo de registro log4j.conf, lo que permite a usuarios locales obtener (1) la clave privada SSH registradas por la API createSSHKeyPair, (2) la contraseña de un host agregado registrada por la API AddHost, o la contraseña de un VM añadido según los registrado por el DeployVM (3) o (4) API ResetPasswordForVM.

The CloudStack security team was notified of a information disclosure vulnerability that exists in Apache CloudStack-4.0.0-incubating. With this vulnerability, when a user calls the createSSHKeyPair API command to create an SSH key pair to be used when authenticating to a user VM, the freshly generated SSH private key is rendered in a log file at INFO level on the CloudStack "master" server as well as being returned to the caller.

*Credits: N/A

Attack Vector

Local

Attack Complexity

Low

Privileges Required

Low

User Interaction

None

Scope

Unchanged

Confidentiality

High

Integrity

None

Availability

None

Attack Vector

Local

Attack Complexity

Medium

Authentication

Single

Confidentiality

Partial

Integrity

None

Availability

None

* Common Vulnerability Scoring System

SSVC

Decision:-

Exploitation

Automatable

Tech. Impact

* Organization's Worst-case Scenario

Timeline

2012-10-24 CVE Reserved
2013-01-12 CVE Published
2024-08-06 CVE Updated
2025-03-30 EPSS Updated
---------- Exploited in Wild
---------- KEV Due Date
---------- First Exploit

CWE

CWE-255: Credentials Management Errors

CAPEC

References (12)

URL	Tag	Source
http://mail-archives.apache.org/mod_mbox/incubator-cloudstack-users/201301.mbox/%3C1BD2169F-BBFE-4E27-B50F-F17D7D08B565%40stratosec.co%3E	Mailing List
http://osvdb.org/89070	Vdb Entry
http://osvdb.org/89146	Vdb Entry
http://osvdb.org/89147	Vdb Entry
http://seclists.org/fulldisclosure/2013/Jan/65	Mailing List
http://secunia.com/advisories/51366	Third Party Advisory
http://secunia.com/advisories/51821	Third Party Advisory
http://secunia.com/advisories/51827	Third Party Advisory
http://www.securityfocus.com/bid/57225	Vdb Entry
http://www.securityfocus.com/bid/57259	Vdb Entry
http://www.securitytracker.com/id?1027978	Vdb Entry

URL	Date	SRC

URL	Date	SRC

URL	Date	SRC
http://support.citrix.com/article/CTX136163	2023-11-07

Affected Vendors, Products, and Versions

Vendor		Product				Version		Other		Status
Vendor	Product	Version	Other	Status	<-- -->	Vendor	Product	Version	Other	Status
Apache Search vendor "Apache"		Cloudstack Search vendor "Apache" for product "Cloudstack"				4.0.0 Search vendor "Apache" for product "Cloudstack" and version "4.0.0"		incubating		Affected
Citrix Search vendor "Citrix"		Cloudplatform Search vendor "Citrix" for product "Cloudplatform"				<= 3.0.5 Search vendor "Citrix" for product "Cloudplatform" and version " <= 3.0.5"		-		Affected