The Apache CloudStack project has announced an advisory against CVE-2024-42062 and CVE-2024-42222, both of severity rating ‘critical’, explained below. CVE-2024-42062: User Key Exposure to Domain Admins CloudStack account-users by default use username and password based authentication for API and UI access. Account-users can generate and register randomised API and secret keys and use them for the … Continue reading ShapeBlue Security Advisory: Apache CloudStack Security Releases 4.18.2.3 and 4.19.1.1