CVE-2017-15139

A vulnerability was found in openstack-cinder releases up to and including Queens, allowing newly created volumes in certain storage volume configurations to contain previous data. It specifically affects ScaleIO volumes using thin volumes and zero padding. This could lead to leakage of sensitive information between tenants.
References
Configurations

Configuration 1 (hide)

cpe:2.3:o:openstack:cinder:*:*:*:*:*:*:*:*

Configuration 2 (hide)

OR cpe:2.3:a:redhat:openstack:10:*:*:*:*:*:*:*
cpe:2.3:a:redhat:openstack:13:*:*:*:*:*:*:*

History

21 Nov 2024, 03:14

Type Values Removed Values Added
References () https://access.redhat.com/errata/RHSA-2018:3601 - Third Party Advisory () https://access.redhat.com/errata/RHSA-2018:3601 - Third Party Advisory
References () https://access.redhat.com/errata/RHSA-2019:0917 - Third Party Advisory () https://access.redhat.com/errata/RHSA-2019:0917 - Third Party Advisory
References () https://bugzilla.redhat.com/show_bug.cgi?id=CVE-2017-15139 - Issue Tracking, Patch, Third Party Advisory () https://bugzilla.redhat.com/show_bug.cgi?id=CVE-2017-15139 - Issue Tracking, Patch, Third Party Advisory
References () https://wiki.openstack.org/wiki/OSSN/OSSN-0084 - Mitigation, Third Party Advisory () https://wiki.openstack.org/wiki/OSSN/OSSN-0084 - Mitigation, Third Party Advisory

Information

Published : 2018-08-27 17:29

Updated : 2024-11-21 03:14


NVD link : CVE-2017-15139

Mitre link : CVE-2017-15139

CVE.ORG link : CVE-2017-15139


JSON object : View

Products Affected

openstack

  • cinder

redhat

  • openstack
CWE
CWE-200

Exposure of Sensitive Information to an Unauthorized Actor