Candidate: CVE-2017-15139
PublicDate: 2018-08-27 17:29:00 UTC
References:
 https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2017-15139
 https://wiki.openstack.org/wiki/OSSN/OSSN-0084
Description:
 A vulnerability was found in openstack-cinder releases up to and including
 Queens, allowing newly created volumes in certain storage volume
 configurations to contain previous data. It specifically affects ScaleIO
 volumes using thin volumes and zero padding. This could lead to leakage of
 sensitive information between tenants.
Ubuntu-Description:
Notes:
Bugs:
 https://bugs.launchpad.net/ossn/+bug/1699573
Priority: low
Discovered-by:
Assigned-to:
CVSS:
 nvd: CVSS:3.0/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:N/A:N [7.5 HIGH]


Patches_cinder:
 upstream: https://git.openstack.org/cgit/openstack/cinder/commit/?id=7feb62197d371ab7253dc86a34af6ff8b484b4df
upstream_cinder: released (2:13.0.0-2)
precise/esm_cinder: DNE
trusty_cinder: not-affected (code not present)
trusty/esm_cinder: DNE (trusty was not-affected [code not present])
xenial_cinder: ignored (end of standard support, was needed)
esm-infra/xenial_cinder: needed
bionic_cinder: needed
cosmic_cinder: released (2:13.0.0~rc1-0ubuntu2)
disco_cinder: released (2:13.0.0~rc1-0ubuntu2)
eoan_cinder: released (2:13.0.0~rc1-0ubuntu2)
focal_cinder: released (2:13.0.0~rc1-0ubuntu2)
groovy_cinder: released (2:13.0.0~rc1-0ubuntu2)
hirsute_cinder: released (2:13.0.0~rc1-0ubuntu2)
impish_cinder: released (2:13.0.0~rc1-0ubuntu2)
jammy_cinder: released (2:13.0.0~rc1-0ubuntu2)
devel_cinder: released (2:13.0.0~rc1-0ubuntu2)