CVE-2017-15139

EUVD-2017-6599
A vulnerability was found in openstack-cinder releases up to and including Queens, allowing newly created volumes in certain storage volume configurations to contain previous data. It specifically affects ScaleIO volumes using thin volumes and zero padding. This could lead to leakage of sensitive information between tenants.
ProviderTypeBase ScoreAtk. VectorAtk. ComplexityPriv. RequiredVector
NISTPrimary
7.5 HIGH
NETWORK
LOW
NONE
CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:N/A:N
redhatCNA
5.1 MEDIUM
LOCAL
HIGH
NONE
CVSS:3.0/AV:L/AC:H/PR:N/UI:N/S:U/C:H/I:N/A:N
Base Score
CVSS 3.x
EPSS Score
Percentile: 47%
Affected Products (NVD)
VendorProductVersion
openstackcinder
𝑥
≤ 12.0.4-7
𝑥
= Vulnerable software versions
Debian logo
Debian Releases
Debian Product
Codename
cinder
bookworm
2:21.3.1-1~deb12u1
fixed
bookworm (security)
2:21.3.1-1~deb12u1
fixed
bullseye
2:17.0.1-1+deb11u1
fixed
bullseye (security)
2:17.4.0-1~deb11u2
fixed
jessie
not-affected
sid
2:25.0.0-1
fixed
stretch
no-dsa
Ubuntu logo
Ubuntu Releases
Ubuntu Product
Codename
cinder
bionic
Fixed 2:12.0.9-0ubuntu1.2
released
cosmic
Fixed 2:13.0.0~rc1-0ubuntu2
released
disco
Fixed 2:13.0.0~rc1-0ubuntu2
released
eoan
Fixed 2:13.0.0~rc1-0ubuntu2
released
focal
Fixed 2:13.0.0~rc1-0ubuntu2
released
groovy
Fixed 2:13.0.0~rc1-0ubuntu2
released
hirsute
Fixed 2:13.0.0~rc1-0ubuntu2
released
impish
Fixed 2:13.0.0~rc1-0ubuntu2
released
jammy
Fixed 2:13.0.0~rc1-0ubuntu2
released
kinetic
Fixed 2:13.0.0~rc1-0ubuntu2
released
lunar
Fixed 2:13.0.0~rc1-0ubuntu2
released
mantic
Fixed 2:13.0.0~rc1-0ubuntu2
released
noble
Fixed 2:13.0.0~rc1-0ubuntu2
released
trusty
dne
xenial
needed
Common Weakness Enumeration
References
https://access.redhat.com/errata/RHSA-2018:3601
https://access.redhat.com/errata/RHSA-2019:0917
https://bugzilla.redhat.com/show_bug.cgi?id=CVE-2017-15139
https://wiki.openstack.org/wiki/OSSN/OSSN-0084
https://access.redhat.com/errata/RHSA-2018:3601
https://access.redhat.com/errata/RHSA-2019:0917
https://bugzilla.redhat.com/show_bug.cgi?id=CVE-2017-15139
https://wiki.openstack.org/wiki/OSSN/OSSN-0084