{"resultsPerPage":1,"startIndex":0,"totalResults":1,"format":"NVD_CVE","version":"2.0","timestamp":"2026-07-02T06:49:53.818","vulnerabilities":[{"cve":{"id":"CVE-2017-15139","sourceIdentifier":"secalert@redhat.com","published":"2018-08-27T17:29:00.217","lastModified":"2026-06-17T01:07:19.177","vulnStatus":"Modified","cveTags":[],"descriptions":[{"lang":"en","value":"A vulnerability was found in openstack-cinder releases up to and including Queens, allowing newly created volumes in certain storage volume configurations to contain previous data. It specifically affects ScaleIO volumes using thin volumes and zero padding. This could lead to leakage of sensitive information between tenants."},{"lang":"es","value":"Se ha detectado una vulnerabilidad en las versiones de openstack-cinder hasta (e incluyendo) Queens, que permite que los volúmenes nuevos creados en ciertas configuraciones de volúmenes de almacenamiento contengan datos anteriores. Específicamente, esto afecta a los volúmenes ScaleIO que emplean volúmenes finos y un relleno de cero. Esto podría conducir al filtrado de información sensible entre inquilinos (tenants)."}],"affected":[{"source":"secalert@redhat.com","affectedData":[{"vendor":"OpenStack Foundation","product":"openstack-cinder","versions":[{"version":"up to and including Queens","status":"affected"}]}]}],"metrics":{"cvssMetricV31":[{"source":"nvd@nist.gov","type":"Primary","cvssData":{"version":"3.1","vectorString":"CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:N/A:N","baseScore":7.5,"baseSeverity":"HIGH","attackVector":"NETWORK","attackComplexity":"LOW","privilegesRequired":"NONE","userInteraction":"NONE","scope":"UNCHANGED","confidentialityImpact":"HIGH","integrityImpact":"NONE","availabilityImpact":"NONE"},"exploitabilityScore":3.9,"impactScore":3.6}],"cvssMetricV30":[{"source":"secalert@redhat.com","type":"Secondary","cvssData":{"version":"3.0","vectorString":"CVSS:3.0/AV:L/AC:H/PR:N/UI:N/S:U/C:H/I:N/A:N","baseScore":5.1,"baseSeverity":"MEDIUM","attackVector":"LOCAL","attackComplexity":"HIGH","privilegesRequired":"NONE","userInteraction":"NONE","scope":"UNCHANGED","confidentialityImpact":"HIGH","integrityImpact":"NONE","availabilityImpact":"NONE"},"exploitabilityScore":1.4,"impactScore":3.6}],"cvssMetricV2":[{"source":"nvd@nist.gov","type":"Primary","cvssData":{"version":"2.0","vectorString":"AV:N/AC:L/Au:N/C:P/I:N/A:N","baseScore":5.0,"accessVector":"NETWORK","accessComplexity":"LOW","authentication":"NONE","confidentialityImpact":"PARTIAL","integrityImpact":"NONE","availabilityImpact":"NONE"},"baseSeverity":"MEDIUM","exploitabilityScore":10.0,"impactScore":2.9,"acInsufInfo":true,"obtainAllPrivilege":false,"obtainUserPrivilege":false,"obtainOtherPrivilege":false,"userInteractionRequired":false}]},"weaknesses":[{"source":"secalert@redhat.com","type":"Secondary","description":[{"lang":"en","value":"CWE-200"}]},{"source":"nvd@nist.gov","type":"Primary","description":[{"lang":"en","value":"CWE-200"}]}],"configurations":[{"nodes":[{"operator":"OR","negate":false,"cpeMatch":[{"vulnerable":true,"criteria":"cpe:2.3:o:openstack:cinder:*:*:*:*:*:*:*:*","versionEndIncluding":"12.0.4-7","matchCriteriaId":"4E29F557-0E0B-445D-8969-1E1DC5F95869"}]}]},{"nodes":[{"operator":"OR","negate":false,"cpeMatch":[{"vulnerable":true,"criteria":"cpe:2.3:a:redhat:openstack:10:*:*:*:*:*:*:*","matchCriteriaId":"E722FEF7-58A6-47AD-B1D0-DB0B71B0C7AA"},{"vulnerable":true,"criteria":"cpe:2.3:a:redhat:openstack:13:*:*:*:*:*:*:*","matchCriteriaId":"704CFA1A-953E-4105-BFBE-406034B83DED"}]}]}],"references":[{"url":"https://access.redhat.com/errata/RHSA-2018:3601","source":"secalert@redhat.com","tags":["Third Party Advisory"]},{"url":"https://access.redhat.com/errata/RHSA-2019:0917","source":"secalert@redhat.com","tags":["Third Party Advisory"]},{"url":"https://bugzilla.redhat.com/show_bug.cgi?id=CVE-2017-15139","source":"secalert@redhat.com","tags":["Issue Tracking","Patch","Third Party Advisory"]},{"url":"https://wiki.openstack.org/wiki/OSSN/OSSN-0084","source":"secalert@redhat.com","tags":["Mitigation","Third Party Advisory"]},{"url":"https://access.redhat.com/errata/RHSA-2018:3601","source":"af854a3a-2127-422b-91ae-364da2661108","tags":["Third Party Advisory"]},{"url":"https://access.redhat.com/errata/RHSA-2019:0917","source":"af854a3a-2127-422b-91ae-364da2661108","tags":["Third Party Advisory"]},{"url":"https://bugzilla.redhat.com/show_bug.cgi?id=CVE-2017-15139","source":"af854a3a-2127-422b-91ae-364da2661108","tags":["Issue Tracking","Patch","Third Party Advisory"]},{"url":"https://wiki.openstack.org/wiki/OSSN/OSSN-0084","source":"af854a3a-2127-422b-91ae-364da2661108","tags":["Mitigation","Third Party Advisory"]}]}}]}