A vulnerability was found in openstack-cinder releases up to and including Queens, allowing newly created volumes in certain storage volume configurations to contain previous data. It specifically affects ScaleIO volumes using thin volumes and zero padding. This could lead to leakage of sensitive information between tenants.
References
Link | Resource |
---|---|
https://access.redhat.com/errata/RHSA-2018:3601 | Third Party Advisory |
https://access.redhat.com/errata/RHSA-2019:0917 | Third Party Advisory |
https://bugzilla.redhat.com/show_bug.cgi?id=CVE-2017-15139 | Issue Tracking Patch Third Party Advisory |
https://wiki.openstack.org/wiki/OSSN/OSSN-0084 | Mitigation Third Party Advisory |
Configurations
History
No history.
Information
Published : 2018-08-27 17:29
Updated : 2024-02-28 16:48
NVD link : CVE-2017-15139
Mitre link : CVE-2017-15139
CVE.ORG link : CVE-2017-15139
JSON object : View
Products Affected
openstack
- cinder
redhat
- openstack
CWE
CWE-200
Exposure of Sensitive Information to an Unauthorized Actor