CVE-2014-0031

Currently unrated

Key Information:

Vendor: Apache
Status: Cloudstack
Vendor: CVE Published:; 15 January 2014

Summary

The (1) ListNetworkACL and (2) listNetworkACLLists APIs in Apache CloudStack before 4.2.1 allow remote authenticated users to list network ACLS for other users via a crafted request.

References

http://secunia.com/advisories/55960

third-party-advisoryx_refsource_SECUNIA

https://blogs.apache.org/cloudstack/entry/cve_2014_0031_c...

x_refsource_CONFIRM

https://issues.apache.org/jira/browse/CLOUDSTACK-5145

x_refsource_CONFIRM

Timeline

Vulnerability published
Jan 15, 2014
Vulnerability Reserved
Dec 3, 2013