CVE-2017-15139

{"id": "CVE-2017-15139", "metrics": {"cvssMetricV2": [{"type": "Primary", "source": "nvd@nist.gov", "cvssData": {"version": "2.0", "baseScore": 5.0, "accessVector": "NETWORK", "vectorString": "AV:N/AC:L/Au:N/C:P/I:N/A:N", "authentication": "NONE", "integrityImpact": "NONE", "accessComplexity": "LOW", "availabilityImpact": "NONE", "confidentialityImpact": "PARTIAL"}, "acInsufInfo": true, "impactScore": 2.9, "baseSeverity": "MEDIUM", "obtainAllPrivilege": false, "exploitabilityScore": 10.0, "obtainUserPrivilege": false, "obtainOtherPrivilege": false, "userInteractionRequired": false}], "cvssMetricV30": [{"type": "Secondary", "source": "secalert@redhat.com", "cvssData": {"scope": "UNCHANGED", "version": "3.0", "baseScore": 5.1, "attackVector": "LOCAL", "baseSeverity": "MEDIUM", "vectorString": "CVSS:3.0/AV:L/AC:H/PR:N/UI:N/S:U/C:H/I:N/A:N", "integrityImpact": "NONE", "userInteraction": "NONE", "attackComplexity": "HIGH", "availabilityImpact": "NONE", "privilegesRequired": "NONE", "confidentialityImpact": "HIGH"}, "impactScore": 3.6, "exploitabilityScore": 1.4}], "cvssMetricV31": [{"type": "Primary", "source": "nvd@nist.gov", "cvssData": {"scope": "UNCHANGED", "version": "3.1", "baseScore": 7.5, "attackVector": "NETWORK", "baseSeverity": "HIGH", "vectorString": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:N/A:N", "integrityImpact": "NONE", "userInteraction": "NONE", "attackComplexity": "LOW", "availabilityImpact": "NONE", "privilegesRequired": "NONE", "confidentialityImpact": "HIGH"}, "impactScore": 3.6, "exploitabilityScore": 3.9}]}, "published": "2018-08-27T17:29:00.217", "references": [{"url": "https://access.redhat.com/errata/RHSA-2018:3601", "tags": ["Third Party Advisory"], "source": "secalert@redhat.com"}, {"url": "https://access.redhat.com/errata/RHSA-2019:0917", "tags": ["Third Party Advisory"], "source": "secalert@redhat.com"}, {"url": "https://bugzilla.redhat.com/show_bug.cgi?id=CVE-2017-15139", "tags": ["Issue Tracking", "Patch", "Third Party Advisory"], "source": "secalert@redhat.com"}, {"url": "https://wiki.openstack.org/wiki/OSSN/OSSN-0084", "tags": ["Mitigation", "Third Party Advisory"], "source": "secalert@redhat.com"}], "vulnStatus": "Analyzed", "weaknesses": [{"type": "Primary", "source": "nvd@nist.gov", "description": [{"lang": "en", "value": "CWE-200"}]}, {"type": "Secondary", "source": "secalert@redhat.com", "description": [{"lang": "en", "value": "CWE-200"}]}], "descriptions": [{"lang": "en", "value": "A vulnerability was found in openstack-cinder releases up to and including Queens, allowing newly created volumes in certain storage volume configurations to contain previous data. It specifically affects ScaleIO volumes using thin volumes and zero padding. This could lead to leakage of sensitive information between tenants."}, {"lang": "es", "value": "Se ha detectado una vulnerabilidad en las versiones de openstack-cinder hasta (e incluyendo) Queens, que permite que los vol\u00famenes nuevos creados en ciertas configuraciones de vol\u00famenes de almacenamiento contengan datos anteriores. Espec\u00edficamente, esto afecta a los vol\u00famenes ScaleIO que emplean vol\u00famenes finos y un relleno de cero. Esto podr\u00eda conducir al filtrado de informaci\u00f3n sensible entre inquilinos (tenants)."}], "lastModified": "2023-02-03T02:10:56.483", "configurations": [{"nodes": [{"negate": false, "cpeMatch": [{"criteria": "cpe:2.3:o:openstack:cinder:*:*:*:*:*:*:*:*", "vulnerable": true, "matchCriteriaId": "4E29F557-0E0B-445D-8969-1E1DC5F95869", "versionEndIncluding": "12.0.4-7"}], "operator": "OR"}]}, {"nodes": [{"negate": false, "cpeMatch": [{"criteria": "cpe:2.3:a:redhat:openstack:10:*:*:*:*:*:*:*", "vulnerable": true, "matchCriteriaId": "E722FEF7-58A6-47AD-B1D0-DB0B71B0C7AA"}, {"criteria": "cpe:2.3:a:redhat:openstack:13:*:*:*:*:*:*:*", "vulnerable": true, "matchCriteriaId": "704CFA1A-953E-4105-BFBE-406034B83DED"}], "operator": "OR"}]}], "sourceIdentifier": "secalert@redhat.com"}