Source: Red Hat (redhat.com), RH:CVE-2017-15139
History: Aug 21, 2018 - 9:18 a.m.

CVE-2017-15139

2018-08-21 09:18:54
redhat.com
access.redhat.com

EPSS: 0.002 (percentile: 59.6%)

An information-leak flaw was found in openstack-cinder deployments using the third-party EMC ScaleIO backend. It was possible for new volumes to contain previous data if they were created from storage pools which had disabled zero-padding. An attacker could exploit this flaw to obtain sensitive information.

Mitigation

This flaw only affects Red Hat OpenStack Platform deployments which use the third-party EMC ScaleIO driver plugin. To mitigate this flaw, ensure all volumes use zero-padding by updating the ScaleIO storage-pool policy.
Note: Only an empty pool's policy can be changed.

scli --modify_zero_padding_policy
   (((--protection_domain_id <ID> |
   --protection_domain_name <NAME>)
   --storage_pool_name <NAME>) | --storage_pool_id <ID>)
   (--enable_zero_padding | --disable_zero_padding)

Example:
scli --modify_zero_padding_policy \
   --protection_domain_name pd10 --storage_pool_name scale1 \
   --enable_zero_padding
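
The flaw and the effect of the mitigation can be seen in a small model. This is an added example, not Red Hat's or the ScaleIO driver's code: ToyPool is a hypothetical, simplified pool in which blocks are reused without scrubbing, and zero-padding is modelled as "areas not yet written by the current volume read back as zeros". All names, sizes and data are constructed.

```python
import io

BLOCK = 4096  # constructed block size for this model, not a ScaleIO value

class ToyPool:
    """Simplified pool: blocks are reused across volumes without scrubbing."""
    def __init__(self, blocks, zero_padding):
        self.zero_padding = zero_padding
        self.data = [bytes(BLOCK)] * blocks
        self.free = list(range(blocks))
        self.written = set()  # blocks written since their last allocation

    def create_volume(self, nblocks):
        if nblocks > len(self.free):
            raise ValueError("pool exhausted")
        vol, self.free = self.free[:nblocks], self.free[nblocks:]
        self.written.difference_update(vol)
        return vol

    def delete_volume(self, vol):
        self.free = vol + self.free  # contents stay on the backing store

    def write(self, vol, index, payload):
        self.data[vol[index]] = payload.ljust(BLOCK, b"\0")[:BLOCK]
        self.written.add(vol[index])

    def read(self, vol, index):
        blk = vol[index]
        if self.zero_padding and blk not in self.written:
            return bytes(BLOCK)  # never-written area reads back as zeros
        return self.data[blk]

def first_nonzero_offset(stream, chunk=1 << 20):
    """Offset of the first non-zero byte in a binary stream, or None."""
    offset = 0
    while buf := stream.read(chunk):
        rest = buf.lstrip(b"\0")
        if rest:
            return offset + len(buf) - len(rest)
        offset += len(buf)
    return None

def residual_offset_after_reuse(zero_padding):
    """Tenant A writes and deletes; returns what tenant B's new volume exposes."""
    pool = ToyPool(blocks=4, zero_padding=zero_padding)
    old = pool.create_volume(2)
    pool.write(old, 1, b"constructed-secret")
    pool.delete_volume(old)
    new = pool.create_volume(2)
    image = b"".join(pool.read(new, i) for i in range(2))
    return first_nonzero_offset(io.BytesIO(image))
```

first_nonzero_offset accepts any binary file object, so the same check can be run read-only against a freshly created, never-written volume to confirm it returns only zeros after the pool policy has been changed.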
