CVE-2023-46326

Published November 30th, 2023

View on NVD ↗

CVSS v3

8.8

HIGH

CVSS v2

N/A

Affected

PROJECT

Description

ZStack Cloud version 3.10.38 and before allows unauthenticated API access to the list of active job UUIDs and the session ID for each of these. This leads to privilege escalation.

zstackio/zstack

ZStack - the open-source IaaS software http://zstack.org (国内用户请至 http://zstack.io)

GitHub

1.37K