Libcloud 0.12.3 up to and including 0.13.2 does not set the scrub_data parameter for the destroy DigitalOcean API, which allows local users to obtain sensitive information by leveraging a new VM.
Vulnerable Product | Search on Vulmon | Subscribe to Product |
---|---|---|
apache libcloud 0.12.3 |
||
apache libcloud 0.12.4 |
||
apache libcloud 0.13.0 |
||
apache libcloud 0.13.1 |
||
apache libcloud 0.13.2 |