PT-2018-5782 · Openstack · Openstack Cinder

Nick Tait · Published 2018-08-27 · Updated 2023-02-03 · CVE-2017-15139

CVSS v3.1: 7.5 (High)
Vector: AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:N/A:N
Name of the Vulnerable Software and Affected Versions: openstack-cinder versions up to and including Queens
Description: A vulnerability was found in openstack-cinder, allowing newly created volumes in certain storage volume configurations to contain previous data. It specifically affects ScaleIO volumes using thin volumes and zero padding. This could lead to leakage of sensitive information between tenants.
Recommendations: For openstack-cinder versions up to and including Queens, consider reconfiguring storage volume settings to avoid using thin volumes and zero padding with ScaleIO volumes until a fix is available. As a temporary workaround, restrict access to sensitive information stored on newly created volumes to minimize the risk of data leakage.

Fix

Information Disclosure

Weakness Enumeration

Related Identifiers

CVE-2017-15139
RHSA-2018:3601
RHSA-2019:0917
SUSE-SU-2019:0716-1

Affected Products

Openstack Cinder