Apache CloudStack Network ACL Information Disclosure Vulnerability
CVE-2014-0031

Currently unrated

Key Information:

Vendor: Apache
Status: Cloudstack
Vendor: CVE Published:; 15 January 2014

Summary

The Apache CloudStack software allows remote authenticated users to exploit a vulnerability in the ListNetworkACL and listNetworkACLLists APIs. This can lead to unauthorized access, enabling these users to list network ACLs belonging to other users through crafted requests. The issue impacts versions prior to 4.2.1, highlighting the importance of updating to secure configurations to prevent potential information disclosures.

References

http://secunia.com/advisories/55960

third-party-advisoryx_refsource_SECUNIA

https://blogs.apache.org/cloudstack/entry/cve_2014_0031_c...

x_refsource_CONFIRM

https://issues.apache.org/jira/browse/CLOUDSTACK-5145

x_refsource_CONFIRM

Timeline

Vulnerability published
Jan 15, 2014
Vulnerability Reserved
Dec 3, 2013