CVE-2013-4183

Openstack Cinder < 7.0.0a0 - Information Disclosure

Title source: rule

Description

The clear_volume function in LVMVolumeDriver driver in OpenStack Cinder 2013.1.1 through 2013.1.2 does not properly clear data when deleting a snapshot, which allows local users to obtain sensitive information via unspecified vectors.

References (3)

[Patch, Vendor Advisory] http://rhn.redhat.com/errata/RHSA-2013-1198.html

[Vendor Advisory] http://www.ubuntu.com/usn/USN-2005-1

[Issue Tracking] https://bugs.launchpad.net/cinder/+bug/1198185

Scores

EPSS 0.0016

EPSS Percentile 36.1%

Classification

CWE

CWE-200

Status draft

Affected Products (3)

openstack/cinder

pypi/cinder < 7.0.0a0PyPI

Timeline

Published Sep 16, 2013

Tracked Since Feb 18, 2026