CVE-2017-15139

Published: Aug 27, 2018Modified: Nov 21, 2024

7.5

Vector

CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:N/A:N

Exploitability: 3.9 / Impact: 3.6

Source: NVD

Description

A vulnerability was found in openstack-cinder releases up to and including Queens, allowing newly created volumes in certain storage volume configurations to contain previous data. It specifically affects ScaleIO volumes using thin volumes and zero padding. This could lead to leakage of sensitive information between tenants.

Affected (3)

Products: Openstack: Cinder · Redhat: Openstack

1 product

1 product

Configuration A

1 vulnerable

Vulnerable Software	Affected Versions
Openstack Cinder	Up to 12.0.4-7

Configuration B

2 vulnerable

Vulnerable Software	Affected Versions
Redhat Openstack	Version 10
Redhat Openstack	Version 13

Related CWEs

Exposure of Sensitive Information to an Unauthorized Actor

The product exposes sensitive information to an actor that is not explicitly authorized to have access to that information.

References (8)

https://access.redhat.com/errata/RHSA-2018:3601

Source: secalert@redhat.com

Third Party Advisory

https://access.redhat.com/errata/RHSA-2019:0917

Source: secalert@redhat.com

Third Party Advisory

https://bugzilla.redhat.com/show_bug.cgi?id=CVE-2017-15139

Source: secalert@redhat.com

Issue TrackingPatchThird Party Advisory

https://wiki.openstack.org/wiki/OSSN/OSSN-0084

Source: secalert@redhat.com

MitigationThird Party Advisory

https://access.redhat.com/errata/RHSA-2018:3601

Source: af854a3a-2127-422b-91ae-364da2661108

Third Party Advisory

https://access.redhat.com/errata/RHSA-2019:0917

Source: af854a3a-2127-422b-91ae-364da2661108

Third Party Advisory

https://bugzilla.redhat.com/show_bug.cgi?id=CVE-2017-15139

Source: af854a3a-2127-422b-91ae-364da2661108

Issue TrackingPatchThird Party Advisory

https://wiki.openstack.org/wiki/OSSN/OSSN-0084

Source: af854a3a-2127-422b-91ae-364da2661108

MitigationThird Party Advisory

Timeline

No history available yet.