PyPi: Apache-Libcloud

CVE-2013-6480

Safety vulnerability ID: 25629

This vulnerability was reviewed by experts

The information on this page was manually curated by our Cybersecurity Intelligence Team.

Created at Jan 07, 2014 Updated at Mar 29, 2024

Scan your Python projects for vulnerabilities →

Advisory

Libcloud 0.12.3 through 0.13.2 does not set the scrub_data parameter for the destroy DigitalOcean API, which allows local users to obtain sensitive information by leveraging a new VM.

Affected package

apache-libcloud

Latest version: 3.8.0

A standard Python library that abstracts away differences among multiple cloud provider APIs. For more information and documentation, please see https://libcloud.apache.org

Affected versions

Fixed versions

Vulnerability changelog

-----------------------------------

Compute
~~~~~~~

- Send "scrub_data" query parameter when destroying a DigitalOcean node.
This will cause disk to be scrubbed (overwritten with 0's) when destroying
a node. (LIBCLOUD-487)

Note: This fixes a security issue with a potential leak of data contained
on the destroyed node which only affects users of the DigitalOcean driver.
(CVE-2013-6480)
[Tomaz Muraus]

Resources

Use this package?

Scan your Python project for dependency vulnerabilities in two minutes

Scan your application

Severity Details

CVSS Base Score

LOW 2.1

CVSS v2 Details

LOW 2.1

Access Vector (AV): LOCAL
Access Complexity (AC): LOW
Authentication (Au): NONE
Confidentiality Impact (C): PARTIAL
Integrity Impact (I): NONE
Availability Impact (A): NONE