Posted to users@cloudstack.apache.org by Rafael Weingärtner <ra...@apache.org> on 2018/01/03 13:33:35 UTC
[CVE-2013-4317] Apache CloudStack information disclosure vulnerability
The Apache CloudStack security team is making CVE-2013-4317 public.
*Severity*: High
*Vendor*: The Apache Software Foundation
*Versions Affected*: Apache CloudStack 4.1.0, 4.1.1
*Description*: When calling the CloudStack API call listProjectAccounts
as a regular, non-administrative user, the user is able to see
information for accounts other than their own.
*Mitigation*: Upgrade to Apache CloudStack 4.2
*Credit*: This issue was identified by Ahmad Emneina of Citrix.
P.S. This issue was fixed a long time ago. However, the
announcement was forgotten. We apologize for that.
--
Rafael Weingärtner