vulnerability

Ubuntu: (CVE-2017-15139): cinder vulnerability

Try Surface Command

Back to search

Severity	CVSS	Published	Added	Modified
5	(AV:N/AC:L/Au:N/C:P/I:N/A:N)	Aug 27, 2018	Nov 19, 2024	Apr 16, 2026

Severity

CVSS

(AV:N/AC:L/Au:N/C:P/I:N/A:N)

Published

Aug 27, 2018

Added

Nov 19, 2024

Modified

Apr 16, 2026

Description

A vulnerability was found in openstack-cinder releases up to and including Queens, allowing newly created volumes in certain storage volume configurations to contain previous data. It specifically affects ScaleIO volumes using thin volumes and zero padding. This could lead to leakage of sensitive information between tenants.

Solution

ubuntu-upgrade-cinder

References

CVE-2017-15139
https://attackerkb.com/topics/CVE-2017-15139
CWE-200
EUVD-EUVD-2017-6599
https://euvd.enisa.europa.eu/vulnerability/EUVD-2017-6599
https://wiki.openstack.org/wiki/OSSN/OSSN-0084
https://www.cve.org/CVERecord?id=CVE-2017-15139

Rapid7 Labs

2026 Global Threat Landscape Report

The predictive window has collapsed. Exploitation follows disclosure in days. See how attackers are accelerating and how to stay ahead.

Get report