CVE-2013-4317: Information Exposure

February 6, 2018 (updated February 26, 2018)

In Apache CloudStack, when calling the CloudStack API call listProjectAccounts as a regular, non-administrative user, the user is able to see information for accounts other than their own.

References

nvd.nist.gov/vuln/detail/CVE-2013-4317

Code Behaviors & Features

Detect and mitigate CVE-2013-4317 with GitLab Dependency Scanning

Secure your software supply chain by verifying that all open source dependencies used in your projects contain no disclosed vulnerabilities. Learn more about Dependency Scanning →