[CVE-2013-4317] Apache CloudStack information disclosure vulnerability

[Rafael Weingärtner <rafael () apache org>]

The Apache CloudStack’s security team turns public the CVE-2013-4317.

*Severity*: High
*Vendor*: The Apache Software Foundation
*Versions Affected*: Apache CloudStack 4.1.0, 4.1.1

*Description*: When calling the CloudStack API call listProjectAccounts 
as a regular, non-administrative user, the user is able to see 
information for accounts other than their own.
*Mitigation*: Upgrade to Apache CloudStack 4.2

*Credit*: This issue was identified by Ahmad Emneina of Citrix.

P.S. This issue has been fixed a long time ago. However, the 
announcement has been forgotten. We apologize for that.

--
Rafael Weingärtner