CVE-2017-15139 MEDIUM

CVE-2017-15139

Vendor Openstack Foundation

Product openstack-cinder

Weakness CWE-200 · Info exposure

Published August 27, 2018

Last update August 5, 2024

View on NVD All CVEs

CVSS base score

5.1/10

Attack vector Local

Attack complexity High

Privileges required None

User interaction None

Confidentiality High

Integrity None

CVSS vector

CVSS:3.0/AV:L/AC:H/PR:N/UI:N/S:U/C:H/I:N/A:N

What the vulnerability does

01Description

A vulnerability was found in openstack-cinder releases up to and including Queens, allowing newly created volumes in certain storage volume configurations to contain previous data. It specifically affects ScaleIO volumes using thin volumes and zero padding. This could lead to leakage of sensitive information between tenants.

Key dates

02Disclosure timeline

August 27, 2018 CVE published

August 5, 2024 Record updated

External resources

03References

NVD — National Vulnerability Database https://nvd.nist.gov/vuln/detail/CVE-2017-15139

Related vulnerabilities

Identifiers

CVE CVE-2017-15139

CWE CWE-200

CVSS 5.1 / MEDIUM

Affected versions