Data Exposure Vulnerability in OpenStack Cinder LVMVolumeDriver
CVE-2013-4183

Currently unrated

Key Information:

Vendor: Openstack
Status: Cinder
Vendor: CVE Published:; 16 September 2013

Summary

The clear_volume function in the LVMVolumeDriver of OpenStack Cinder versions 2013.1.1 and 2013.1.2 fails to adequately clear data when a snapshot is deleted. This flaw permits local users to potentially access sensitive information through unspecified methods, compromising data integrity and confidentiality. Operators of affected releases should review their snapshot management practices to mitigate risks associated with this vulnerability.

References

http://rhn.redhat.com/errata/RHSA-2013-1198.html

vendor-advisoryx_refsource_REDHAT

https://bugs.launchpad.net/cinder/+bug/1198185

x_refsource_CONFIRM

http://www.ubuntu.com/usn/USN-2005-1

vendor-advisoryx_refsource_UBUNTU

Timeline

Vulnerability published
Sep 16, 2013
Vulnerability Reserved
Jun 12, 2013