CVE-2017-15139 Information

Description

A vulnerability was found in openstack-cinder releases up to and including Queens allowing newly created volumes in certain storage volume configurations to contain previous data. It specifically affects ScaleIO volumes using thin volumes and zero padding. This could lead to leakage of sensitive information between tenants.

CVSS Vector

CVSS:3.0/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:N/A:N

Reference

https://access.redhat.com/errata/RHSA-2018:3601 https://access.redhat.com/errata/RHSA-2019:0917 https://bugzilla.redhat.com/show_bug.cgi?id=CVE-2017-15139 https://wiki.openstack.org/wiki/OSSN/OSSN-0084

Attack Complexity

LOW

Privileges Required

NONE

User Interaction Required

NONE

Scope

NONE

Confidentiality Impact

UNCHANGED

Integrity Impact

HIGH

Availability Impact

NONE

Base Score

NONE

Base Severity

7.5