PT-2013-4891 · Openstack · Openstack Cinder

Rongze Zhu

Published

2013-09-16

Updated

2022-05-17

CVE-2013-4183

CVSS v4.0

6.9

Medium

Vector

AV:L/AC:L/AT:N/PR:N/UI:N/VC:H/VI:N/VA:N/SC:N/SI:N/SA:N

Name of the Vulnerable Software and Affected Versions OpenStack Cinder versions 2013.1.1 through 2013.1.2

Description The issue concerns the clear volume function in the LVMVolumeDriver driver, which fails to properly clear data when a snapshot is deleted. This allows local users to access sensitive information through unspecified means.

Recommendations For OpenStack Cinder versions 2013.1.1 through 2013.1.2, consider updating to a version where this issue is resolved, as the provided information does not specify the exact fixed version. At the moment, there is no information about a newer version that contains a fix for this vulnerability.

Information Disclosure

Found an issue in the description? Have something to add? Feel free to write us 👾

dbugs@ptsecurity.com

Weakness Enumeration

CWE-200

Related Identifiers

CVE-2013-4183

GHSA-Q3RW-WCJ6-8CJF

PYSEC-2013-35

RHSA-2013:1198

Affected Products

Openstack Cinder

PT-2013-4891 · Openstack · Openstack Cinder

CVE-2013-4183

Weakness Enumeration

Related Identifiers

Affected Products

References · 15