In Apache CloudStack 4.1.0 and 4.1.1, when calling the CloudStack API call listProjectAccounts as a regular, non-administrative user, the user is able to see information for accounts other than their own.
Vulnerable Product | Search on Vulmon | Subscribe to Product |
---|---|---|
apache cloudstack 4.1.0 |
||
apache cloudstack 4.1.1 |