CVE-2014-0031

CWE-2644 documents4 sources
Severity
4.0MEDIUM
EPSS
0.3%
top 44.59%
CISA KEV
Not in KEV
Exploit
No known exploits
Affected products
1
Apache Cloudstack
Timeline
PublishedJan 15
Latest updateMay 17

Description

The (1) ListNetworkACL and (2) listNetworkACLLists APIs in Apache CloudStack before 4.2.1 allow remote authenticated users to list network ACLS for other users via a crafted request.

CVSS vector

AV:N/AC:L/C:P/I:N/A:NExploitability: 8.0 | Impact: 2.9

Affected Packages1 packages

NVDapache/cloudstack4.2.0+34

🔴Vulnerability Details

2
GHSA
GHSA-25qg-4p93-qpvm: The (1) ListNetworkACL and (2) listNetworkACLLists APIs in Apache CloudStack before 42022-05-17
CVEList
CVE-2014-0031: The (1) ListNetworkACL and (2) listNetworkACLLists APIs in Apache CloudStack before 42014-01-14

💬Community

1
Bugzilla
CVE-2014-5269 perl-Plack: trailing slashes removed leading to source code disclosure2014-08-12
CVE-2014-0031 (MEDIUM CVSS 4) | The (1) ListNetworkACL and (2) list | cvebase.io