CVSS2
Attack Vector
NETWORK
Attack Complexity
LOW
Authentication
NONE
Confidentiality Impact
PARTIAL
Integrity Impact
NONE
Availability Impact
NONE
AV:N/AC:L/Au:N/C:P/I:N/A:N
CVSS3
Attack Vector
NETWORK
Attack Complexity
LOW
Privileges Required
NONE
User Interaction
NONE
Scope
UNCHANGED
Confidentiality Impact
HIGH
Integrity Impact
NONE
Availability Impact
NONE
CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:N/A:N
EPSS
Percentile
59.6%
A vulnerability was found in openstack-cinder releases up to and including
Queens, allowing newly created volumes in certain storage volume
configurations to contain previous data. It specifically affects ScaleIO
volumes using thin volumes and zero padding. This could lead to leakage of
sensitive information between tenants.
OS | Version | Architecture | Package | Version | Filename |
---|---|---|---|---|---|
ubuntu | 18.04 | noarch | cinder | < 2:12.0.9-0ubuntu1.2 | UNKNOWN |
ubuntu | 18.10 | noarch | cinder | < 2:13.0.0~rc1-0ubuntu2 | UNKNOWN |
ubuntu | 19.04 | noarch | cinder | < 2:13.0.0~rc1-0ubuntu2 | UNKNOWN |
ubuntu | 19.10 | noarch | cinder | < 2:13.0.0~rc1-0ubuntu2 | UNKNOWN |
ubuntu | 20.04 | noarch | cinder | < 2:13.0.0~rc1-0ubuntu2 | UNKNOWN |
ubuntu | 20.10 | noarch | cinder | < 2:13.0.0~rc1-0ubuntu2 | UNKNOWN |
ubuntu | 21.04 | noarch | cinder | < 2:13.0.0~rc1-0ubuntu2 | UNKNOWN |
ubuntu | 21.10 | noarch | cinder | < 2:13.0.0~rc1-0ubuntu2 | UNKNOWN |
ubuntu | 22.04 | noarch | cinder | < 2:13.0.0~rc1-0ubuntu2 | UNKNOWN |
ubuntu | 22.10 | noarch | cinder | < 2:13.0.0~rc1-0ubuntu2 | UNKNOWN |
CVSS2
Attack Vector
NETWORK
Attack Complexity
LOW
Authentication
NONE
Confidentiality Impact
PARTIAL
Integrity Impact
NONE
Availability Impact
NONE
AV:N/AC:L/Au:N/C:P/I:N/A:N
CVSS3
Attack Vector
NETWORK
Attack Complexity
LOW
Privileges Required
NONE
User Interaction
NONE
Scope
UNCHANGED
Confidentiality Impact
HIGH
Integrity Impact
NONE
Availability Impact
NONE
CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:N/A:N
EPSS
Percentile
59.6%