Description
In Apache CloudStack 4.1.0 and 4.1.1, a regular, non-administrative user who calls the CloudStack API command listProjectAccounts is able to see information for accounts other than their own.
Remediation
References
http://seclists.org/oss-sec/2018/q1/1