2 matches found
CVE-2014-0031
Apache CloudStack (vulnerable: before 4.2.1) exposes an information disclosure via the ListNetworkACL and listNetworkACLLists APIs. The issue, caused by how crafted requests allow remote authenticated users to list network ACLs for other users, can reveal ACLs not owned by the attacker. Impact is...
Updated [CVE-2014-0031] CloudStack ListNetworkACL API discloses ACLs for other users
Issued: January 9, 2014 Updated: January 10, 2014 CVE-2014-0031 CloudStack ListNetworkACL API discloses ACLs for other users Product: Apache CloudStack Vendor: Apache Software Foundation Vulnerability type: Information Disclosure Vulnerable Versions: Apache CloudStack 4.2.0 CVE References:...