Information disclosure in Openstack Cinder

CVE-2013-4183

The clear_volume function in LVMVolumeDriver driver in OpenStack Cinder 2013.1.1 through 2013.1.2 does not properly clear data when deleting a snapshot, which allows local users to obtain sensitive information via unspecified vectors.

Vulnerability class: Information Disclosure

EPSS: 0.002 (36.1th percentile) — read the EPSS interpretation.

Affected products

Openstack Cinder — versions 2013.1.1, 2013.1.2
N/a — versions n/a

Weakness classification (CWE)

CWE-200 — Information Disclosure

References

RHSA-2013:1198 (x_refsource_REDHAT, vendor-advisory, Patch, Vendor Advisory)
secalert@redhat.com (x_refsource_CONFIRM)
USN-2005-1 (x_refsource_UBUNTU, vendor-advisory)