CVE-2017-15139

High

Description

A vulnerability was found in openstack-cinder releases up to and including Queens, allowing newly created volumes in certain storage volume configurations to contain previous data. It specifically affects ScaleIO volumes using thin volumes and zero padding. This could lead to leakage of sensitive information between tenants.

References

https://wiki.openstack.org/wiki/OSSN/OSSN-0084

https://bugzilla.redhat.com/show_bug.cgi?id=CVE-2017-15139

https://access.redhat.com/errata/RHSA-2019:0917

https://access.redhat.com/errata/RHSA-2018:3601

Details

Source: Mitre, NVD

Published: 2018-08-27

Updated: 2023-02-03

Risk Information

CVSS v2

Base Score: 5

Vector: CVSS2#AV:N/AC:L/Au:N/C:P/I:N/A:N

Severity: Medium

CVSS v3

Base Score: 7.5

Vector: CVSS:3.0/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:N/A:N

Severity: High