|Category:||Access Control Error|
Published on 24/06/10 - Updated on 15/01/13
The snapshot merging functionality in Red Hat Enterprise Virtualization Manager (aka RHEV-M) before 2.2 does not properly pass the postzero parameter during operations on deleted volumes, which allows guest OS users to obtain sensitive information by examining the disk blocks associated with a deleted virtual machine.
CWE-264 (Permissions, Privileges, and Access Control)
Weaknesses in this category are related to the management of permissions, privileges, and other security features that are used to perform access control.