openstack-cinder is vulnerable to information disclosure. As data is retained after deletion of a ScaleIO
volume, newly created volumes in certain storage volume configurations contains data from the previous volume. This leads to confidential information leakage between tenants.
access.redhat.com/errata/RHSA-2018:3601
access.redhat.com/errata/RHSA-2019:0917
access.redhat.com/security/updates/classification/#moderate
bugzilla.redhat.com/show_bug.cgi?id=1622535
bugzilla.redhat.com/show_bug.cgi?id=1624482
bugzilla.redhat.com/show_bug.cgi?id=1629049
bugzilla.redhat.com/show_bug.cgi?id=1635620
bugzilla.redhat.com/show_bug.cgi?id=1638406
bugzilla.redhat.com/show_bug.cgi?id=1639941
bugzilla.redhat.com/show_bug.cgi?id=1640833
bugzilla.redhat.com/show_bug.cgi?id=1640834
bugzilla.redhat.com/show_bug.cgi?id=1641111
bugzilla.redhat.com/show_bug.cgi?id=CVE-2017-15139
wiki.openstack.org/wiki/OSSN/OSSN-0084