oss-sec mailing list archives
[CVE-2013-4317] Apache CloudStack information disclosure vulnerability
From: Rafael Weingärtner <rafael () apache org>
Date: Wed, 3 Jan 2018 11:37:45 -0200
The Apache CloudStack’s security team turns public the CVE-2013-4317. *Severity*: High *Vendor*: The Apache Software Foundation *Versions Affected*: Apache CloudStack 4.1.0, 4.1.1*Description*: When calling the CloudStack API call listProjectAccounts as a regular, non-administrative user, the user is able to see information for accounts other than their own.
*Mitigation*: Upgrade to Apache CloudStack 4.2 *Credit*: This issue was identified by Ahmad Emneina of Citrix.P.S. This issue has been fixed a long time ago. However, the announcement has been forgotten. We apologize for that.
-- Rafael Weingärtner
Current thread:
- [CVE-2013-4317] Apache CloudStack information disclosure vulnerability Rafael Weingärtner (Jan 03)