Vulnerability Description
The clear_volume function in LVMVolumeDriver driver in OpenStack Cinder 2013.1.1 through 2013.1.2 does not properly clear data when deleting a snapshot, which allows local users to obtain sensitive information via unspecified vectors.
CVSS Score
LOW
Affected Products
| Vendor | Product | Versions |
|---|---|---|
| Openstack | Cinder | 2013.1.1 |
Related Weaknesses (CWE)
References
- http://rhn.redhat.com/errata/RHSA-2013-1198.htmlPatchVendor Advisory
- http://www.ubuntu.com/usn/USN-2005-1
- https://bugs.launchpad.net/cinder/+bug/1198185
- http://rhn.redhat.com/errata/RHSA-2013-1198.htmlPatchVendor Advisory
- http://www.ubuntu.com/usn/USN-2005-1
- https://bugs.launchpad.net/cinder/+bug/1198185
FAQ
What is CVE-2013-4183?
CVE-2013-4183 is a vulnerability with a CVSS score of 2.1 (LOW). The clear_volume function in LVMVolumeDriver driver in OpenStack Cinder 2013.1.1 through 2013.1.2 does not properly clear data when deleting a snapshot, which allows local users to obtain sensitive in...
How severe is CVE-2013-4183?
CVE-2013-4183 has been rated LOW with a CVSS base score of 2.1/10. Review the CVSS metrics above for detailed severity breakdown.
Is there a patch for CVE-2013-4183?
Check the references section above for vendor advisories and patch information. Affected products include: Openstack Cinder.