Skip to content

OpenStack Cinder LVMVolumeDriver does not zero deleted snapshots

Low severity GitHub Reviewed Published May 17, 2022 to the GitHub Advisory Database • Updated Nov 21, 2024

Package

pip cinder (pip)

Affected versions

< 7.0.0a0

Patched versions

7.0.0a0

Description

The clear_volume function in LVMVolumeDriver driver in OpenStack Cinder 2013.1.1 through 2013.1.2 does not properly clear data when deleting a snapshot, which allows local users to obtain sensitive information via unspecified vectors.

References

Published by the National Vulnerability Database Sep 16, 2013
Published to the GitHub Advisory Database May 17, 2022
Reviewed May 14, 2024
Last updated Nov 21, 2024

Severity

Low

EPSS score

0.042%
(5th percentile)

Weaknesses

CVE ID

CVE-2013-4183

GHSA ID

GHSA-q3rw-wcj6-8cjf

Source code

Loading Checking history
See something to contribute? Suggest improvements for this vulnerability.