CAPEC-546: Incomplete Data Deletion in a Multi-Tenant Environment

Abstraction: Detailed
Status: Draft
Likelihood: Low
Severity: Medium

Description

An adversary obtains unauthorized information due to insecure or incomplete data deletion in a multi-tenant environment. If a cloud provider fails to completely delete storage and data from former cloud tenants' systems and resources, then once those resources are allocated to new, potentially malicious tenants, the new tenants can probe them for sensitive information that remains.

Related weaknesses · 3

CWE-284, CWE-1266, CWE-1272

Related attack patterns · 1

CAPEC-545 (ChildOf)

Exploits · 3

Type | Target | Confidence | Tier
Weakness | Improper Access Control (cwe-284) | 100% | live
Weakness | Improper Scrubbing of Sensitive Data from Decommissioned Device (cwe-1266) | 100% | live
Weakness | Sensitive Information Uncleared Before Debug/Power State Transition (cwe-1272) | 100% | live

Related by meaning · 6

Nearest entities by semantic similarity across the cs-graph corpus.

CAPEC: Retrieve Data from Decommissioned Devices
CAPEC: Lifting Sensitive Data Embedded in Cache
CAPEC: Contaminate Resource
CAPEC: Data Injected During Configuration
CAPEC: Dumpster Diving
CAPEC: DEPRECATED: Degradation

Sourced from MITRE CAPEC. Curated by Adam Lundqvist, SQUR.