The Apache Software Foundation is warning users about a configuration problem in the open-source CloudStack platform that could allow an attacker to take a number of unwanted actions, including deleting all of the virtual machines on a system. The vulnerability is considered critical, but the maintainers of the project have developed a workaround to mitigate the effects of the bug. CloudStack is a project that s under incubation at the Apache software Foundation and there hasn t yet been an official release of the platform.
Source: https://threatpost.com/critical-flaw-reported-cloudstack-100912/77093/