Published: 07/01/2014 Updated: 09/10/2018

CVSS v2 Base Score: 2.1 | Impact Score: 2.9 | Exploitability Score: 3.9

VMScore: 215

Vector: AV:L/AC:L/Au:N/C:P/I:N/A:N

Libcloud 0.12.3 up to and including 0.13.2 does not set the scrub_data parameter for the destroy DigitalOcean API, which allows local users to obtain sensitive information by leveraging a new VM.

Vulnerable Product	Search on Vulmon	Subscribe to Product
apache libcloud 0.12.3
apache libcloud 0.12.4
apache libcloud 0.13.0
apache libcloud 0.13.1
apache libcloud 0.13.2

source: wwwsecurityfocuscom/bid/64617/info Apache Libcloud is prone to a local information-disclosure vulnerability Local attackers can exploit this issue to obtain sensitive information Information obtained may lead to further attacks Apache Libcloud versions 0123 through 0132 are vulnerable dd if=/dev/vda bs=1M | strings -n ...

CWE-200 https://digitalocean.com/blog_posts/transparency-regarding-data-security http://libcloud.apache.org/security.html https://github.com/fog/fog/issues/2525 http://www.securityfocus.com/bid/64617 http://lists.opensuse.org/opensuse-updates/2014-02/msg00015.html http://www.securityfocus.com/archive/1/530624/100/0/threaded https://nvd.nist.gov https://www.exploit-db.com/exploits/38937/

Get Started

Vulmon Search is a vulnerability search engine. It gives comprehensive vulnerability information through a very simple user interface.

Home Recent Vulnerabilities Research Posts Trends Blog About Contact

Vulmon Search Vulmon Research Vulmon Alerts Vulmap

Twitter Reddit Linkedin Facebook

CVE-2013-6480

Vulnerability Summary

Exploits

References

Vulmon Search

About

Products

Connect