Data Leakage Vulnerability in OpenStack Cinder by Red Hat
CVE-2017-15139

5.1MEDIUM

Key Information:

Vendor
Openstack Foundation
Status
Openstack-cinder
Vendor
CVE Published:
27 August 2018

Summary

A vulnerability exists in OpenStack Cinder affecting specific volume configurations, particularly ScaleIO volumes that utilize thin provisioning and zero padding. This flaw allows newly created volumes to inadvertently include remnants of previously stored data, potentially leading to the unauthorized exposure of sensitive information between different tenants. Organizations using affected versions should assess their configurations and take necessary precautions to mitigate this risk of data leakage.

Affected Version(s)

openstack-cinder up to and including Queens

References

https://wiki.openstack.org/wiki/OSSN/OSSN-0084
x_refsource_MISC
https://access.redhat.com/errata/RHSA-2018:3601
vendor-advisoryx_refsource_REDHAT
https://bugzilla.redhat.com/show_bug.cgi?id=CVE-2017-15139
x_refsource_CONFIRM

CVSS V3.1

Score:
5.1
Severity:
MEDIUM
Confidentiality:
High
Integrity:
None
Availability:
High
Attack Vector:
Local
Attack Complexity:
High
Privileges Required:
None
User Interaction:
None
Scope:
Unchanged

Timeline

  • Vulnerability published

  • Vulnerability Reserved

.
🍪 This website uses cookies, like every other website on the internet 😕 By using our website, you consent to the use of cookies.