Date: Wed, 3 Jan 2018 11:37:45 -0200
From: Rafael Weingärtner <>
Subject: [CVE-2013-4317] Apache CloudStack information disclosure

The Apache CloudStack security team is making CVE-2013-4317 public.

*Severity*: High
*Vendor*: The Apache Software Foundation
*Versions Affected*: Apache CloudStack 4.1.0, 4.1.1

*Description*: When calling the CloudStack API call listProjectAccounts 
as a regular, non-administrative user, the user is able to see 
information for accounts other than their own.
*Mitigation*: Upgrade to Apache CloudStack 4.2

*Credit*: This issue was identified by Ahmad Emneina of Citrix.

P.S. This issue was fixed a long time ago. However, the 
announcement was forgotten. We apologize for that.

Rafael Weingärtner
