In Apache CloudStack 4.1.0 and 4.1.1, when calling the CloudStack API call listProjectAccounts as a regular, non-administrative user, the user is able to see information for accounts other than their own.
History

No history.

cve-icon MITRE

Status: PUBLISHED

Assigner: apache

Published: 2018-02-06T14:00:00Z

Updated: 2024-09-17T01:36:03.050Z

Reserved: 2013-06-12T00:00:00

Link: CVE-2013-4317

cve-icon Vulnrichment

No data.

cve-icon NVD

Status : Analyzed

Published: 2018-02-06T14:29:00.237

Modified: 2018-02-26T15:42:04.960

Link: CVE-2013-4317

cve-icon Redhat

Severity : Low

Publid Date: 2018-01-03T00:00:00Z

Links: CVE-2013-4317 - Bugzilla