CyberSec.Space Logo
返回 CVE 浏览器

CVE-2017-15139

HIGH
7.5
CVSS Severity Score
EPSS Score0.0450%
EPSS Percentile27.65th
Published2018年8月27日
Last Modified2024年11月21日

Vulnerability Description

A vulnerability was found in openstack-cinder releases up to and including Queens, allowing newly created volumes in certain storage volume configurations to contain previous data. It specifically affects ScaleIO volumes using thin volumes and zero padding. This could lead to leakage of sensitive information between tenants.

Affected Platforms (CPE)

💻
Openstack

Cinder

<= 12.0.4-7
📦
Redhat

Openstack

= 10
📦
Redhat

Openstack

= 13

References & Advisories

🔗 https://access.redhat.com/errata/RHSA-2018:3601
🔗 https://access.redhat.com/errata/RHSA-2019:0917
🔗 https://bugzilla.redhat.com/show_bug.cgi?id=CVE-2017-15139
🔗 https://wiki.openstack.org/wiki/OSSN/OSSN-0084
🔗 https://access.redhat.com/errata/RHSA-2018:3601
🔗 https://access.redhat.com/errata/RHSA-2019:0917
🔗 https://bugzilla.redhat.com/show_bug.cgi?id=CVE-2017-15139
🔗 https://wiki.openstack.org/wiki/OSSN/OSSN-0084

相关漏洞威胁

CVE-2018-179549.3

An Improper Privilege Management in crowbar of SUSE OpenStack Cloud 7, SUSE OpenStack Cloud 8, SUSE OpenStack Cloud 9, SUSE OpenSt...

CVE-2020-173768.3

An issue was discovered in Guest.migrate in virt/libvirt/guest.py in OpenStack Nova before 19.3.1, 20.x before 20.3.1, and 21.0.0....

CVE-2015-51627.5

The image parser in OpenStack Cinder 7.0.2 and 8.0.0 through 8.1.1; Glance before 11.0.1 and 12.0.0; and Nova before 12.0.4 and 13...

CVE-2015-18516.8

OpenStack Cinder before 2014.1.5 (icehouse), 2014.2.x before 2014.2.4 (juno), and 2015.1.x before 2015.1.1 (kilo) allows remote au...

CVE-2017-15139 Detail & Impact Analysis | CVSS 7.5 (HIGH) | Cyber-Sec.Space | Cyber-Sec.Space