6.2 Medium
AI Score
Confidence
Low
2.1 Low
CVSS2
Access Vector
Access Complexity
Authentication
NONE
Confidentiality Impact
PARTIAL
Integrity Impact
NONE
Availability Impact
NONE
AV:L/AC:L/Au:N/C:P/I:N/A:N
0.0004 Low
EPSS
Percentile
5.1%
The clear_volume function in LVMVolumeDriver driver in OpenStack Cinder 2013.1.1 through 2013.1.2 does not properly clear data when deleting a snapshot, which allows local users to obtain sensitive information via unspecified vectors.
rhn.redhat.com/errata/RHSA-2013-1198.html
www.ubuntu.com/usn/USN-2005-1
bugs.launchpad.net/cinder/+bug/1198185
github.com/advisories/GHSA-q3rw-wcj6-8cjf
github.com/openstack/cinder/commit/0ee31073c5cb432a9cdd2648e99aa802b0ed0a17
github.com/openstack/cinder/commit/68c597e26b5659a036a7a937622e539bac102308
nvd.nist.gov/vuln/detail/CVE-2013-4183