Description
The (1) ListNetworkACL and (2) listNetworkACLLists APIs in Apache CloudStack before 4.2.1 allow remote authenticated users to list network ACLS for other users via a crafted request.
References (3)
Core 3
Core References
Vendor Advisory third-party-advisory
x_refsource_secunia
http://secunia.com/advisories/55960
Vendor Advisory x_refsource_confirm
https://blogs.apache.org/cloudstack/entry/cve_2014_0031_cloudstack_listnetworkacl
Various Sources x_refsource_confirm
https://issues.apache.org/jira/browse/CLOUDSTACK-5145
Scores
EPSS
0.0032
EPSS Percentile
55.6%
Details
CWE
CWE-264
Status
published
Products (35)
apache/cloudstack
2.0
apache/cloudstack
2.0.1
apache/cloudstack
2.1.0
apache/cloudstack
2.1.1
apache/cloudstack
2.1.2
apache/cloudstack
2.1.3
apache/cloudstack
2.1.4
apache/cloudstack
2.1.5
apache/cloudstack
2.1.6
apache/cloudstack
2.1.7
... and 25 more
Published
Jan 15, 2014
Tracked Since
Feb 18, 2026