Incorrect access control in Proxmox Virtual Environment (PVE) 9.x qemu-server before 9.1.8 and 8.x before 8.4.8
Summary
Incorrect access control in Proxmox Virtual Environment (PVE) 9.x qemu-server before 9.1.8 and 8.x before 8.4.8 allows users within limited privileges to obtain hashed passwords via the cloudinit/dump API.
What this means
In plain English
Incorrect access control in Proxmox Virtual Environment (PVE) 9.x qemu-server before 9.1.8 and 8.x before 8.4.8 allows users within limited privileges to obtain hashed passwords via the cloudinit/dump API. The flaw can allow operations or data access outside the authorization boundary intended by the affected product.
Recommended action
Primary action: update to a vendor-listed fixed release: 9.1.8, 8.4.8.
Rewritten locally from the scraped official advisory data above; no generative API is used. The vendor advisory is authoritative.
- before 9.1.8
- before 8.4.8
Official advisory · high-confidence parse· fetched 2 hours ago·verify at source
- 9.1.8
- 8.4.8
Official advisory · high-confidence parse· fetched 2 hours ago·verify at source
Mitigation
Upgrade to a fixed release: 9.1.8, 8.4.8. That is the remediation for this advisory.
The vendor advisory may list additional interim mitigations or workarounds not captured here — review it before change work.
Official advisory · high-confidence parse· fetched 2 hours ago·verify at source
Discussion(0)
No comments yet. Share field notes, upgrade gotchas, or questions — verify against the vendor advisory before acting on community advice.
Sign in to join the discussion.