CyberSec.Space Logo
Back to CVE Browser

CVE-2017-15139

HIGH
7.5
CVSS Severity Score
EPSS Score0.0450%
EPSS Percentile27.65th
PublishedAug 27, 2018
Last ModifiedNov 21, 2024

Vulnerability Description

A vulnerability was found in openstack-cinder releases up to and including Queens, allowing newly created volumes in certain storage volume configurations to contain previous data. It specifically affects ScaleIO volumes using thin volumes and zero padding. This could lead to leakage of sensitive information between tenants.

Affected Platforms (CPE)

πŸ’»
Openstack

Cinder

<= 12.0.4-7
πŸ“¦
Redhat

Openstack

= 10
πŸ“¦
Redhat

Openstack

= 13

References & Advisories

πŸ”— https://access.redhat.com/errata/RHSA-2018:3601
πŸ”— https://access.redhat.com/errata/RHSA-2019:0917
πŸ”— https://bugzilla.redhat.com/show_bug.cgi?id=CVE-2017-15139
πŸ”— https://wiki.openstack.org/wiki/OSSN/OSSN-0084
πŸ”— https://access.redhat.com/errata/RHSA-2018:3601
πŸ”— https://access.redhat.com/errata/RHSA-2019:0917
πŸ”— https://bugzilla.redhat.com/show_bug.cgi?id=CVE-2017-15139
πŸ”— https://wiki.openstack.org/wiki/OSSN/OSSN-0084

Related Vulnerabilities

CVE-2018-179549.3

An Improper Privilege Management in crowbar of SUSE OpenStack Cloud 7, SUSE OpenStack Cloud 8, SUSE OpenStack Cloud 9, SUSE OpenSt...

CVE-2020-173768.3

An issue was discovered in Guest.migrate in virt/libvirt/guest.py in OpenStack Nova before 19.3.1, 20.x before 20.3.1, and 21.0.0....

CVE-2015-51627.5

The image parser in OpenStack Cinder 7.0.2 and 8.0.0 through 8.1.1; Glance before 11.0.1 and 12.0.0; and Nova before 12.0.4 and 13...

CVE-2015-18516.8

OpenStack Cinder before 2014.1.5 (icehouse), 2014.2.x before 2014.2.4 (juno), and 2015.1.x before 2015.1.1 (kilo) allows remote au...