CVE-2017-15139

A vulnerability was found in openstack-cinder releases up to and including Queens, allowing newly created volumes in certain storage volume configurations to contain previous data. It specifically affects ScaleIO volumes using thin volumes and zero padding. This could lead to leakage of sensitive information between tenants.
ProviderTypeBase ScoreAtk. VectorAtk. ComplexityPriv. RequiredVector
NISTNIST
7.5 HIGH
NETWORK
LOW
NONE
CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:N/A:N
redhatCNA
5.1 MEDIUM
LOCAL
HIGH
NONE
CVSS:3.0/AV:L/AC:H/PR:N/UI:N/S:U/C:H/I:N/A:N
CVEADP
---
---
Base Score
CVSS 3.x
EPSS Score
Percentile: 49%
VendorProductVersion
openstackcinder
𝑥
≤ 12.0.4-7
𝑥
= Vulnerable software versions
Debian logo
Debian Releases
Debian Product
Codename
cinder
bullseye
2:17.0.1-1+deb11u1
fixed
stretch
no-dsa
jessie
not-affected
bullseye (security)
2:17.4.0-1~deb11u2
fixed
bookworm
2:21.3.1-1~deb12u1
fixed
bookworm (security)
2:21.3.1-1~deb12u1
fixed
sid
2:25.0.0-1
fixed
Ubuntu logo
Ubuntu Releases
Ubuntu Product
Codename
cinder
noble
Fixed 2:13.0.0~rc1-0ubuntu2
released
mantic
Fixed 2:13.0.0~rc1-0ubuntu2
released
lunar
Fixed 2:13.0.0~rc1-0ubuntu2
released
kinetic
Fixed 2:13.0.0~rc1-0ubuntu2
released
jammy
Fixed 2:13.0.0~rc1-0ubuntu2
released
impish
Fixed 2:13.0.0~rc1-0ubuntu2
released
hirsute
Fixed 2:13.0.0~rc1-0ubuntu2
released
groovy
Fixed 2:13.0.0~rc1-0ubuntu2
released
focal
Fixed 2:13.0.0~rc1-0ubuntu2
released
eoan
Fixed 2:13.0.0~rc1-0ubuntu2
released
disco
Fixed 2:13.0.0~rc1-0ubuntu2
released
cosmic
Fixed 2:13.0.0~rc1-0ubuntu2
released
bionic
Fixed 2:12.0.9-0ubuntu1.2
released
xenial
needed
trusty
dne
Common Weakness Enumeration
References
https://access.redhat.com/errata/RHSA-2018:3601
https://access.redhat.com/errata/RHSA-2019:0917
https://bugzilla.redhat.com/show_bug.cgi?id=CVE-2017-15139
https://wiki.openstack.org/wiki/OSSN/OSSN-0084
https://access.redhat.com/errata/RHSA-2018:3601
https://access.redhat.com/errata/RHSA-2019:0917
https://bugzilla.redhat.com/show_bug.cgi?id=CVE-2017-15139
https://wiki.openstack.org/wiki/OSSN/OSSN-0084