CVE-2017-15139

Published: Aug 27, 2018

Modified: Aug 5, 2024

PUBLISHED

CVSS v3.0

5.1

MEDIUM

Description

A vulnerability was found in openstack-cinder releases up to and including Queens, allowing newly created volumes in certain storage volume configurations to contain previous data. It specifically affects ScaleIO volumes using thin volumes and zero padding. This could lead to leakage of sensitive information between tenants.

Vendor	Product	Versions
OpenStack Foundation	openstack-cinder	affected `up to and including Queens`

Weaknesses (CWE)

CWE-200

CVSS v3.0 Details

CVSS v3.0 Vector

CVSS:3.0/AV:L/AC:H/PR:N/UI:N/S:U/C:H/I:N/A:N

Attack Vector

Local

Attack Complexity

High

Privileges Required

None

User Interaction

None

Scope

Unchanged

Confidentiality

High

Integrity

None

Availability

None

References

https://wiki.openstack.org/wiki/OSSN/OSSN-0084

x_refsource_MISC

RHSA-2018:3601

vendor-advisory

x_refsource_REDHAT

https://bugzilla.redhat.com/show_bug.cgi?id=CVE-2017-15139

x_refsource_CONFIRM

RHSA-2019:0917

vendor-advisory

x_refsource_REDHAT

Security Training

Train your team to recognize and prevent security threats with our comprehensive security awareness program.

Start Training

Vulnerability Scanning

Discover vulnerabilities in your applications and infrastructure before attackers do.

Scan Now

CVE-2017-15139

Description

Affected Products

Weaknesses (CWE)

CVSS v3.0 Details

References