CVE-2017-15139 Vulnerability Details

  /     /     /  

CVE-2017-15139 Metadata Quick Info

CVE Published: 27/08/2018 | CVE Updated: 05/08/2024 | CVE Year: 2017
Source: redhat | Vendor: OpenStack Foundation | Product: openstack-cinder
Status : PUBLISHED

---

CVE-2017-15139 Description

A vulnerability was found in openstack-cinder releases up to and including Queens, allowing newly created volumes in certain storage volume configurations to contain previous data. It specifically affects ScaleIO volumes using thin volumes and zero padding. This could lead to leakage of sensitive information between tenants.

Metrics

CVSS Version: 3.1 | Base Score: n/a
Vector: n/a

l➤ Exploitability Metrics:
    Attack Vector (AV)*
    Attack Complexity (AC)*
    Privileges Required (PR)*
    User Interaction (UI)*
    Scope (S)*

l➤ Impact Metrics:
    Confidentiality Impact (C)*
    Integrity Impact (I)*
    Availability Impact (A)*

Weakness Enumeration (CWE)

CWE-ID: CWE-200
CWE Name: CWE-200
Source: OpenStack Foundation

Common Attack Pattern Enumeration and Classification (CAPEC)

CAPEC-ID:
CAPEC Description:


Source: NVD (National Vulnerability Database).