Vulnerability Monitor

The vendors, products, and vulnerabilities you care about

CVE-2017-15139

A vulnerability was found in openstack-cinder releases up to and including Queens, allowing newly created volumes in certain storage volume configurations to contain previous data. It specifically affects ScaleIO volumes using thin volumes and zero padding. This could lead to leakage of sensitive information between tenants.

Published

2018-08-27T17:29:00.217

Last Modified

2024-11-21T03:14:08.970

Status

Modified

Source

[email protected]

Severity

CVSSv3.1: 7.5 (HIGH)

CVSSv2 Vector

AV:N/AC:L/Au:N/C:P/I:N/A:N

Access Vector: NETWORK
Access Complexity: LOW
Authentication: NONE
Confidentiality Impact: PARTIAL
Integrity Impact: NONE
Availability Impact: NONE

Exploitability Score

10.0

Impact Score

2.9

Weaknesses

Type: Secondary
CWE-200
Type: Primary
CWE-200

Affected Vendors & Products

Type	Vendor	Product	Version/Range	Vulnerable?
Operating System	openstack	cinder	≤ 12.0.4-7	Yes
Application	redhat	openstack	10	Yes
Application	redhat	openstack	13	Yes

References

https://access.redhat.com/errata/RHSA-2018:3601 Third Party Advisory ([email protected])
https://access.redhat.com/errata/RHSA-2019:0917 Third Party Advisory ([email protected])
https://bugzilla.redhat.com/show_bug.cgi?id=CVE-2017-15139 Issue Tracking, Patch, Third Party Advisory ([email protected])
https://wiki.openstack.org/wiki/OSSN/OSSN-0084 Mitigation, Third Party Advisory ([email protected])
https://access.redhat.com/errata/RHSA-2018:3601 Third Party Advisory (af854a3a-2127-422b-91ae-364da2661108)
https://access.redhat.com/errata/RHSA-2019:0917 Third Party Advisory (af854a3a-2127-422b-91ae-364da2661108)
https://bugzilla.redhat.com/show_bug.cgi?id=CVE-2017-15139 Issue Tracking, Patch, Third Party Advisory (af854a3a-2127-422b-91ae-364da2661108)
https://wiki.openstack.org/wiki/OSSN/OSSN-0084 Mitigation, Third Party Advisory (af854a3a-2127-422b-91ae-364da2661108)