Published: 27/08/2018 Updated: 03/02/2023

CVSS v2 Base Score: 5 | Impact Score: 2.9 | Exploitability Score: 10

CVSS v3 Base Score: 7.5 | Impact Score: 3.6 | Exploitability Score: 3.9

VMScore: 445

Vector: AV:N/AC:L/Au:N/C:P/I:N/A:N

A vulnerability was found in openstack-cinder releases up to and including Queens, allowing newly created volumes in certain storage volume configurations to contain previous data. It specifically affects ScaleIO volumes using thin volumes and zero padding. This could lead to leakage of sensitive information between tenants.

Vulnerable Product	Search on Vulmon	Subscribe to Product
openstack cinder
redhat openstack 10
redhat openstack 13

Synopsis Moderate: openstack-cinder security and bug fix update Type/Severity Security Advisory: Moderate Topic An update for openstack-cinder is now available for Red Hat OpenStack Platform 130 (Queens)Red Hat Product Security has rated this update as having a security impact of Moderate A Common Vulner ...

Synopsis Moderate: openstack-cinder security and bug fix update Type/Severity Security Advisory: Moderate Topic An update for openstack-cinder is now available for Red Hat OpenStack Platform 100 (Newton)Red Hat Product Security has rated this update as having a security impact of Moderate A Common Vulner ...

CWE-200 https://wiki.openstack.org/wiki/OSSN/OSSN-0084 https://bugzilla.redhat.com/show_bug.cgi?id=CVE-2017-15139 https://access.redhat.com/errata/RHSA-2018:3601 https://access.redhat.com/errata/RHSA-2019:0917 https://nvd.nist.gov https://access.redhat.com/errata/RHSA-2018:3601

CVE-2017-15139

Vulnerability Summary

Vulnerability Trend

Vendor Advisories

References

Vulmon Search

About

Products

Connect