CVE-2013-4183

CWE-200 — Information Exposure12 documents8 sources

Severity

2.1LOW

EPSS

0.2%

top 63.67%

CISA KEV

Not in KEV

Exploit

No known exploits

Affected products

Openstack Cinder

Timeline

PublishedSep 16

Latest updateMay 17

Description

The clear_volume function in LVMVolumeDriver driver in OpenStack Cinder 2013.1.1 through 2013.1.2 does not properly clear data when deleting a snapshot, which allows local users to obtain sensitive information via unspecified vectors.

CVSS vector

AV:L/AC:L/C:P/I:N/A:NExploitability: 3.9 | Impact: 2.9

Affected Packages3 packages

▶NVDopenstack/cinder2013.1.1, 2013.1.2+1

▶PyPIcinder< 7.0.0a0

▶Debiancinder< 2013.1.2-4+3

Patches

Patch: rhn.redhat.com ↗Patch: rhn.redhat.com ↗

🔴Vulnerability Details

OSV

OpenStack Cinder LVMVolumeDriver does not zero deleted snapshots↗2022-05-17

▶

GHSA

OpenStack Cinder LVMVolumeDriver does not zero deleted snapshots↗2022-05-17

▶

OSV

CVE-2013-4183: The clear_volume function in LVMVolumeDriver driver in OpenStack Cinder 2013↗2013-09-16

▶

CVEList

CVE-2013-4183: The clear_volume function in LVMVolumeDriver driver in OpenStack Cinder 2013↗2013-09-16

▶

📋Vendor Advisories

Ubuntu

Cinder vulnerabilities↗2013-10-23

▶

Red Hat

OpenStack: Cinder LVM volume driver does not support secure deletion↗2013-07-05

▶

Debian

CVE-2013-4183: cinder - The clear_volume function in LVMVolumeDriver driver in OpenStack Cinder 2013.1.1...↗2013

▶

💬Community

Bugzilla

CVE-2013-4183 openstack-cinder: OpenStack: Cinder LVM volume driver does not support secure deletion [epel-6]↗2013-08-07

▶

Bugzilla

CVE-2013-4183 OpenStack: Cinder LVM volume driver does not support secure deletion↗2013-08-07

▶

Bugzilla

CVE-2013-4183 openstack-cinder: OpenStack: Cinder LVM volume driver does not support secure deletion [openstack-rdo]↗2013-08-07

▶

Bugzilla

CVE-2013-4183 openstack-cinder: OpenStack: Cinder LVM volume driver does not support secure deletion [fedora-all]↗2013-08-07

▶