Data Leakage Vulnerability in OpenStack Cinder by Red Hat
CVE-2017-15139

5.1MEDIUM

Key Information:

Vendor

Openstack Foundation

Status
Openstack-cinder
Vendor
CVE Published:
27 August 2018

What is CVE-2017-15139?

A vulnerability exists in OpenStack Cinder affecting specific volume configurations, particularly ScaleIO volumes that utilize thin provisioning and zero padding. This flaw allows newly created volumes to inadvertently include remnants of previously stored data, potentially leading to the unauthorized exposure of sensitive information between different tenants. Organizations using affected versions should assess their configurations and take necessary precautions to mitigate this risk of data leakage.

Affected Version(s)

openstack-cinder up to and including Queens

References

https://wiki.openstack.org/wiki/OSSN/OSSN-0084
x_refsource_MISC
https://access.redhat.com/errata/RHSA-2018:3601
vendor-advisoryx_refsource_REDHAT
https://bugzilla.redhat.com/show_bug.cgi?id=CVE-2017-15139
x_refsource_CONFIRM

CVSS V3.1

Score:
5.1
Severity:
MEDIUM
Confidentiality:
High
Integrity:
None
Availability:
High
Attack Vector:
Local
Attack Complexity:
High
Privileges Required:
None
User Interaction:
None
Scope:
Unchanged

Timeline

  • Vulnerability published

  • Vulnerability Reserved

.
CVE-2017-15139 : Data Leakage Vulnerability in OpenStack Cinder by Red Hat