CVE-2013-6480

Apache Libcloud < 0.13.3 - Information Disclosure

Title source: rule

Description

Libcloud 0.12.3 through 0.13.2 does not set the scrub_data parameter for the destroy DigitalOcean API, which allows local users to obtain sensitive information by leveraging a new VM.

Exploits (1)

exploitdb WRITEUP VERIFIED

by anonymous · textlocallinux

https://www.exploit-db.com/exploits/38937

View Code ZIP pw:eip

References (6)

[Vendor Advisory] http://libcloud.apache.org/security.html

[Mailing List] http://lists.opensuse.org/opensuse-updates/2014-02/msg00015.html

[Third Party Advisory, VDB Entry] http://www.securityfocus.com/archive/1/530624/100/0/threaded

[Various Sources] https://digitalocean.com/blog_posts/transparency-regarding-data-security

[Issue Tracking] https://github.com/fog/fog/issues/2525

[Third Party Advisory, VDB Entry] http://www.securityfocus.com/bid/64617

Scores

EPSS 0.0056

EPSS Percentile 68.5%

Details

CWE

CWE-200

Status published

Products (6)

apache/libcloud 0.12.3

apache/libcloud 0.12.4

apache/libcloud 0.13.0

apache/libcloud 0.13.1

apache/libcloud 0.13.2

pypi/apache-libcloud 0.12.3 - 0.13.3PyPI

Published Jan 07, 2014

Tracked Since Feb 18, 2026