CVE-2017-15139

A vulnerability was found in openstack-cinder releases up to and including Queens, allowing newly created volumes in certain storage volume configurations to contain previous data. It specifically affects ScaleIO volumes using thin volumes and zero padding. This could lead to leakage of sensitive information between tenants.
References
Link Resource
https://access.redhat.com/errata/RHSA-2018:3601 Third Party Advisory
https://access.redhat.com/errata/RHSA-2019:0917 Third Party Advisory
https://bugzilla.redhat.com/show_bug.cgi?id=CVE-2017-15139 Issue Tracking Patch Third Party Advisory
https://wiki.openstack.org/wiki/OSSN/OSSN-0084 Mitigation Third Party Advisory
Configurations

Configuration 1 (hide)

cpe:2.3:o:openstack:cinder:*:*:*:*:*:*:*:*

Configuration 2 (hide)

OR cpe:2.3:a:redhat:openstack:10:*:*:*:*:*:*:*
cpe:2.3:a:redhat:openstack:13:*:*:*:*:*:*:*

History

No history.

Information

Published : 2018-08-27 17:29

Updated : 2024-02-28 16:48


NVD link : CVE-2017-15139

Mitre link : CVE-2017-15139

CVE.ORG link : CVE-2017-15139


JSON object : View

Products Affected

openstack

  • cinder

redhat

  • openstack
CWE
CWE-200

Exposure of Sensitive Information to an Unauthorized Actor