In Apache CloudStack 4.1.0 and 4.1.1, when calling the CloudStack API call listProjectAccounts as a regular, non-administrative user, the user is able to see information for accounts other than their own.
Metrics
Affected Vendors & Products
References
History
No history.
MITRE
Status: PUBLISHED
Assigner: apache
Published: 2018-02-06T14:00:00Z
Updated: 2024-09-17T01:36:03.050Z
Reserved: 2013-06-12T00:00:00
Link: CVE-2013-4317
Vulnrichment
No data.
NVD
Status : Analyzed
Published: 2018-02-06T14:29:00.237
Modified: 2018-02-26T15:42:04.960
Link: CVE-2013-4317
Redhat