Public exploit available

Public proof-of-concept or exploit code exists (ExploitDB / Metasploit / Nuclei).

CVE-2013-6480

CWE-200 — Information Exposure9 documents7 sources

Severity

2.1LOW

EPSS

0.6%

top 31.56%

CISA KEV

Not in KEV

Exploit

PoC available

Public exploit / PoC exists

Affected products

Apache Libcloud

Timeline

PublishedJan 7

Latest updateMay 14

Description

Libcloud 0.12.3 through 0.13.2 does not set the scrub_data parameter for the destroy DigitalOcean API, which allows local users to obtain sensitive information by leveraging a new VM.

CVSS vector

AV:L/AC:L/C:P/I:N/A:NExploitability: 3.9 | Impact: 2.9

Affected Packages2 packages

▶PyPIapache-libcloud0.12.3 — 0.13.3

▶NVDapache/libcloud5 versions+4

🔴Vulnerability Details

GHSA

Libcloud does not properly scrub data when destroying a DigitalOcean node↗2022-05-14

▶

OSV

Libcloud does not properly scrub data when destroying a DigitalOcean node↗2022-05-14

▶

CVEList

CVE-2013-6480: Libcloud 0↗2014-01-07

▶

OSV

CVE-2013-6480: Libcloud 0↗2014-01-07

▶

💥Exploits & PoCs

Exploit-DB

Apache Libcloud Digital Ocean API - Local Information Disclosure↗2014-01-01

▶

📋Vendor Advisories

Debian

CVE-2013-6480: libcloud - Libcloud 0.12.3 through 0.13.2 does not set the scrub_data parameter for the des...↗2013

▶

💬Community

Bugzilla

CVE-2013-6480 python-libcloud: doesn't send scrub_data query parameter when destroying a DigitalOcean node [fedora-all]↗2014-01-02

▶

Bugzilla

CVE-2013-6480 python-libcloud: doesn't send scrub_data query parameter when destroying a DigitalOcean node↗2014-01-02

▶