{"id":"PYSEC-2014-97","details":"Libcloud 0.12.3 through 0.13.2 does not set the scrub_data parameter for the destroy DigitalOcean API, which allows local users to obtain sensitive information by leveraging a new VM.","aliases":["CVE-2013-6480","GHSA-g892-9h8m-r69r"],"modified":"2024-02-23T21:13:25.455840Z","published":"2014-01-07T18:55:00Z","references":[{"type":"ARTICLE","url":"https://digitalocean.com/blog_posts/transparency-regarding-data-security"},{"type":"WEB","url":"http://libcloud.apache.org/security.html"},{"type":"REPORT","url":"https://github.com/fog/fog/issues/2525"},{"type":"WEB","url":"http://www.securityfocus.com/bid/64617"},{"type":"WEB","url":"http://lists.opensuse.org/opensuse-updates/2014-02/msg00015.html"},{"type":"WEB","url":"http://www.securityfocus.com/archive/1/530624/100/0/threaded"}],"affected":[{"package":{"name":"apache-libcloud","ecosystem":"PyPI","purl":"pkg:pypi/apache-libcloud"},"ranges":[{"type":"ECOSYSTEM","events":[{"introduced":"0.12.3"},{"fixed":"0.13.3"}]}],"versions":["0.12.3","0.12.4","0.13.0","0.13.1","0.13.2"],"database_specific":{"source":"https://github.com/pypa/advisory-database/blob/main/vulns/apache-libcloud/PYSEC-2014-97.yaml"}}],"schema_version":"1.7.3"}