Description
In Apache CloudStack 4.1.0 and 4.1.1, when calling the CloudStack API call listProjectAccounts as a regular, non-administrative user, the user is able to see information for accounts other than their own.
Remediation
References
http://seclists.org/oss-sec/2018/q1/1
Related Vulnerabilities
CVE-2022-23082 Vulnerability in maven package io.whitesource:curekit
CVE-2021-21175 Vulnerability in npm package electron
CVE-2022-28366 Vulnerability in maven package org.codelibs:nekohtml
CVE-2011-4367 Vulnerability in maven package org.apache.myfaces.core:myfaces-core-project
CVE-2022-41678 Vulnerability in maven package org.apache.activemq:apache-activemq