CVE-2023-46326

high

Description

ZStack Cloud versions 3.10.38 and earlier allow unauthenticated API access to the list of active job UUIDs and the session ID for each of these jobs. This leads to privilege escalation.

References

https://github.com/zstackio/zstack/security/advisories/GHSA-w2rv-x3pp-h67q

Details

Source: Mitre, NVD

Published: 2023-11-30

Updated: 2023-12-06

Risk Information

CVSS v2

Base Score: 9

Vector: CVSS2#AV:N/AC:L/Au:S/C:C/I:C/A:C

Severity: High

CVSS v3

Base Score: 8.8

Vector: CVSS:3.0/AV:N/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H

Severity: High

EPSS

EPSS: 0.00369