Description
In Apache CloudStack 4.1.0 and 4.1.1, when calling the CloudStack API call listProjectAccounts as a regular, non-administrative user, the user is able to see information for accounts other than their own.
Remediation
References
http://seclists.org/oss-sec/2018/q1/1
Related Vulnerabilities
CVE-2021-32621 Vulnerability in maven package org.xwiki.platform:xwiki-platform-dashboard-macro
CVE-2016-5019 Vulnerability in maven package org.apache.myfaces.trinidad:trinidad-impl
CVE-2020-7676 Vulnerability in maven package org.webjars.bowergithub.angular:angular
CVE-2019-13343 Vulnerability in maven package com.butor:portal
CVE-2022-39259 Vulnerability in maven package io.github.skylot:jadx-plugins-api