First published: Tue Jan 07 2014(Updated: )
Libcloud 0.12.3 through 0.13.2 does not set the `scrub_data parameter` for the destroy DigitalOcean API, which allows local users to obtain sensitive information by leveraging a new VM.
Credit: secalert@redhat.com secalert@redhat.com
Affected Software | Affected Version | How to fix |
---|---|---|
Apache Libcloud | =0.12.3 | |
Apache Libcloud | =0.12.4 | |
Apache Libcloud | =0.13.0 | |
Apache Libcloud | =0.13.1 | |
Apache Libcloud | =0.13.2 | |
pip/apache-libcloud | >=0.12.3<=0.13.2 | 0.13.3 |
=0.12.3 | ||
=0.12.4 | ||
=0.13.0 | ||
=0.13.1 | ||
=0.13.2 |
Sign up to SecAlerts for real-time vulnerability data matched to your software, aggregated from hundreds of sources.