CVE-2017-15139

CVE Database · CVE-2017-15139

CVE-2017-15139

· HIGHModified

CVSS v3.1

7.5

EPSS

1.24%

Published

Aug 27, 2018

Modified

Nov 21, 2024

Public PoC / Exploit

All weaponized →

No public PoC or exploit code indexed for this CVE.

Links to public security research (Exploit-DB, Nuclei, Trickest, GitHub) for defensive use only.

Description

A vulnerability was found in openstack-cinder releases up to and including Queens, allowing newly created volumes in certain storage volume configurations to contain previous data. It specifically affects ScaleIO volumes using thin volumes and zero padding. This could lead to leakage of sensitive information between tenants.

CVSS Vector

CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:N/A:N

Weaknesses (CWE)

CWE-200CWE-200

Affected Products (3)

openstack · cindervulnerable

redhat · openstackvulnerable

References (8)

https://access.redhat.com/errata/RHSA-2018:3601

Third Party Advisory

https://access.redhat.com/errata/RHSA-2019:0917

Third Party Advisory