CVE-2013-4183

OpenStack Cinder 2013.1.1-2013.1.2 - Exposure of Sensitive Information via LVMVolumeDriver Snapshot Deletion

Title source: llm
STIX 2.1

Description

The clear_volume function in LVMVolumeDriver driver in OpenStack Cinder 2013.1.1 through 2013.1.2 does not properly clear data when deleting a snapshot, which allows local users to obtain sensitive information via unspecified vectors.

References (3)

Core 3
Core References
Patch, Vendor Advisory vendor-advisory x_refsource_redhat
http://rhn.redhat.com/errata/RHSA-2013-1198.html
Issue Tracking x_refsource_confirm
https://bugs.launchpad.net/cinder/+bug/1198185
Vendor Advisory vendor-advisory x_refsource_ubuntu
http://www.ubuntu.com/usn/USN-2005-1

Scores

EPSS 0.0016
EPSS Percentile 35.9%

Details

CWE
CWE-200
Status published
Products (3)
openstack/cinder 2013.1.1
openstack/cinder 2013.1.2
pypi/cinder 0 - 7.0.0a0PyPI
Published Sep 16, 2013
Tracked Since Feb 18, 2026