CVE-2013-6480: Information Exposure

January 7, 2014 (updated October 9, 2018)

Libcloud does not set the scrub_data parameter for the DigitalOcean API, which allows local users to obtain sensitive information by leveraging a new VM.

References

libcloud.apache.org/security.html
seclists.org/bugtraq/2014/Jan/5
github.com/fog/fog/issues/2525

Code Behaviors & Features

Detect and mitigate CVE-2013-6480 with GitLab Dependency Scanning

Secure your software supply chain by verifying that all open source dependencies used in your projects contain no disclosed vulnerabilities. Learn more about Dependency Scanning →