Lucene search
K
Database
Vendors
Products
Years
CVSS
Scanner
Agent Scanning
API Scanning
Manual Audit
Perimeter Scanner
Scanning
Projects
Email
Webhook
Plugins
Resources
Documents
Blog
Glossary
FAQ
Pricing
Contacts
About Us
Partners
Branding Guideline
securityvulnsSecurityvulnsSECURITYVULNS:DOC:30238
HistoryJan 14, 2014 - 12:00 a.m.

Updated [CVE-2014-0031] CloudStack ListNetworkACL API discloses ACLs for other users

2014-01-1400:00:00
vulners.com
26
JSON

Issued: January 9, 2014
Updated: January 10, 2014

[CVE-2014-0031] CloudStack ListNetworkACL API discloses ACLs for other users

Product: Apache CloudStack
Vendor: Apache Software Foundation
Vulnerability type: Information Disclosure
Vulnerable Versions: Apache CloudStack 4.2.0
CVE References: CVE-2014-0031
Risk Level: Low
CVSSv2 Base Scores: 3.5 (AV:N/AC:M/Au:S/C:P/I:N/A:N)

Description:
The Apache CloudStack Security Team was notified of a an
issue in Apache CloudStack which permits an authenticated user to list
network ACLs for other users.

Mitigation:
Upgrading to CloudStack 4.2.1 or higher will mitigate this issue.

References:
https://issues.apache.org/jira/browse/CLOUDSTACK-5145

Credit:
This issue was identified by Marcus Sorensen

Related

cve 1
prion 1
securityvulns 1
cve
cve
CVE-2014-0031
2014-01-15 16:08:00
prion
prion
Cross site request forgery (csrf)
2014-01-15 16:08:00
securityvulns
securityvulns
Apache CloudStack security vulnerabilities
2014-01-14 00:00:00
JSON
Related for SECURITYVULNS:DOC:30238
cve1prion1securityvulns1