Lucene search

GitHub Advisory DatabaseGHSA-Q3RW-WCJ6-8CJF

HistoryMay 17, 2022 - 4:58 a.m.

OpenStack Cinder LVMVolumeDriver does not zero deleted snapshots

2022-05-1704:58:58

CWE-200

GitHub Advisory Database

github.com

6.2 Medium

AI Score

Confidence

Low

2.1 Low

CVSS2

Access Vector

Access Complexity

Authentication

NONE

Confidentiality Impact

PARTIAL

Integrity Impact

NONE

Availability Impact

NONE

AV:L/AC:L/Au:N/C:P/I:N/A:N

0.0004 Low

EPSS

Percentile

5.1%

JSON

The clear_volume function in LVMVolumeDriver driver in OpenStack Cinder 2013.1.1 through 2013.1.2 does not properly clear data when deleting a snapshot, which allows local users to obtain sensitive information via unspecified vectors.

Affected configurations

Vulners

Node

github_advisory_databasecinderRange<7.0.0a0

CPENameOperatorVersion
cinderlt7.0.0a0

CPE	Name	Operator	Version
	cinder	lt	7.0.0a0

References

rhn.redhat.com/errata/RHSA-2013-1198.html

www.ubuntu.com/usn/USN-2005-1

bugs.launchpad.net/cinder/+bug/1198185

github.com/advisories/GHSA-q3rw-wcj6-8cjf

github.com/openstack/cinder/commit/0ee31073c5cb432a9cdd2648e99aa802b0ed0a17

github.com/openstack/cinder/commit/68c597e26b5659a036a7a937622e539bac102308

nvd.nist.gov/vuln/detail/CVE-2013-4183

6.2 Medium

AI Score

Confidence

Low

2.1 Low

CVSS2

Access Vector

Access Complexity

Authentication

NONE

Confidentiality Impact

PARTIAL

Integrity Impact

NONE

Availability Impact

NONE

AV:L/AC:L/Au:N/C:P/I:N/A:N

0.0004 Low

EPSS

Percentile

5.1%

JSON

Related for GHSA-Q3RW-WCJ6-8CJF