57 lines
1.2 KiB
YAML
57 lines
1.2 KiB
YAML
date: 2013-08-07
|
|
|
|
id: OSSA-2013-021
|
|
|
|
title: 'Cinder LVM volume driver does not support secure deletion'
|
|
|
|
description: 'Rongze Zhu from UnitedStack reported a vulnerability in the Cinder LVM
|
|
volume driver. The contents of LVM snapshots may not be cleared upon deletion even
|
|
when secure deletes are configured, resulting in potential exposure of latent data
|
|
to subsequent servers for other tenants. Only setups using LVMVolumeDriver are affected.'
|
|
|
|
reference: http://lists.openstack.org/pipermail/openstack/2013-August/000415.html
|
|
|
|
affected-products:
|
|
|
|
- product: cinder
|
|
version: 2013.1 (Grizzly) and later
|
|
|
|
vulnerabilities:
|
|
|
|
- cve-id: CVE-2013-4183
|
|
impact-assessment:
|
|
source: 'Red Hat Product Security'
|
|
rating: moderate
|
|
assessment:
|
|
type: CVSS2
|
|
score: 3.5
|
|
detail: AV:N/AC:M/Au:S/C:P/I:N/A:N
|
|
classification:
|
|
source: 'Red Hat Product Security'
|
|
type: CWE
|
|
detail: TODO
|
|
|
|
reporters:
|
|
|
|
- name: 'Rongze Zhu'
|
|
affiliation: UnitedStack
|
|
reported:
|
|
- CVE-2013-4183
|
|
|
|
issues:
|
|
|
|
links:
|
|
- https://launchpad.net/bugs/1198185
|
|
|
|
type: launchpad
|
|
|
|
reviews:
|
|
|
|
havana:
|
|
- https://review.openstack.org/#/c/36506
|
|
|
|
grizzly:
|
|
- https://review.openstack.org/#/c/39565
|
|
|
|
type: gerrit
|