In Apache CloudStack 4.1.0 and 4.1.1, when calling the CloudStack API call listProjectAccounts as a regular, non-administrative user, the user is able to see information for accounts other than their own.
Metrics
Affected Vendors & Products
References
History
No history.
MITRE
Status: PUBLISHED
Assigner: apache
Published: 2018-01-03T00:00:00
Updated: 2024-08-06T16:38:01.899Z
Reserved: 2013-06-12T00:00:00
Link: CVE-2013-4317
Vulnrichment
No data.
NVD
Status : Analyzed
Published: 2018-02-06T14:29:00.237
Modified: 2018-02-26T15:42:04.960
Link: CVE-2013-4317
Redhat