CVE-2017-15139
HIGHOpenStack Cinder <= Queens - Exposure of Sensitive Information via ScaleIO Thin Volume Zero Padding
Title source: llmDescription
A vulnerability was found in openstack-cinder releases up to and including Queens, allowing newly created volumes in certain storage volume configurations to contain previous data. It specifically affects ScaleIO volumes using thin volumes and zero padding. This could lead to leakage of sensitive information between tenants.
References (4)
Core 4
Core References
Mitigation, Third Party Advisory x_refsource_misc
https://wiki.openstack.org/wiki/OSSN/OSSN-0084
Third Party Advisory vendor-advisory
x_refsource_redhat
https://access.redhat.com/errata/RHSA-2018:3601
Issue Tracking, Patch, Third Party Advisory x_refsource_confirm
https://bugzilla.redhat.com/show_bug.cgi?id=CVE-2017-15139
Third Party Advisory vendor-advisory
x_refsource_redhat
https://access.redhat.com/errata/RHSA-2019:0917
Scores
CVSS v3
7.5
EPSS
0.0024
EPSS Percentile
47.5%
Attack Vector
NETWORK
CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:N/A:N
Details
CWE
CWE-200
Status
published
Products (3)
openstack/cinder
< 12.0.4-7
redhat/openstack
10
redhat/openstack
13
Published
Aug 27, 2018
Tracked Since
Feb 18, 2026