CVE-2013-4183

Published: Sep 16, 2013Modified: Apr 29, 2026

2.1

Vector

AV:L/AC:L/Au:N/C:P/I:N/A:N

Exploitability: 3.9 / Impact: 2.9

Source: NVD

Description

The clear_volume function in LVMVolumeDriver driver in OpenStack Cinder 2013.1.1 through 2013.1.2 does not properly clear data when deleting a snapshot, which allows local users to obtain sensitive information via unspecified vectors.

Affected (2)

Products: Openstack: Cinder

Openstack

1 product

Cinder

Configuration A

2 vulnerable

Vulnerable Software	Affected Versions
Openstack Cinder	Version 2013.1.1
Openstack Cinder	Version 2013.1.2

Related CWEs

CWE-200

Exposure of Sensitive Information to an Unauthorized Actor

The product exposes sensitive information to an actor that is not explicitly authorized to have access to that information.

References (6)

http://rhn.redhat.com/errata/RHSA-2013-1198.html

Source: secalert@redhat.com

PatchVendor Advisory

http://www.ubuntu.com/usn/USN-2005-1

Source: secalert@redhat.com

https://bugs.launchpad.net/cinder/+bug/1198185

Source: secalert@redhat.com

http://rhn.redhat.com/errata/RHSA-2013-1198.html

Source: af854a3a-2127-422b-91ae-364da2661108

PatchVendor Advisory

http://www.ubuntu.com/usn/USN-2005-1

Source: af854a3a-2127-422b-91ae-364da2661108

https://bugs.launchpad.net/cinder/+bug/1198185

Source: af854a3a-2127-422b-91ae-364da2661108

Timeline

No history available yet.