CVE-2022-47951

Published: 26/01/2023 Updated: 06/02/2023
CVSS v3 Base Score: 5.7 | Impact Score: 3.6 | Exploitability Score: 2.1
VMScore: 0

Vulnerability Summary

An issue exists in OpenStack Cinder prior to 19.1.2, 20.x prior to 20.0.2, and 21.0.0; Glance prior to 23.0.1, 24.x prior to 24.1.1, and 25.0.0; and Nova prior to 24.1.2, 25.x prior to 25.0.2, and 26.0.0. By supplying a specially created VMDK flat image that references a specific backing file path, an authenticated user may convince systems to return a copy of that file's contents from the server, resulting in unauthorized access to potentially sensitive data.

Vulnerable Product

openstack nova

openstack glance

openstack cinder

debian debian linux 10.0

debian debian linux 11.0

Vendor Advisories

Debian Bug report logs - #1029561: CVE-2022-47951: vulnerability in VMDK image processing. Package: nova-compute; Maintainer for nova-compute is Debian OpenStack <team+openstack@tracker.debian.org>; Source for nova-compute is src:nova. Reported by: Thomas Goirand <zigo@debian.org>. Date: Tue, 24 Jan ...
Synopsis: Important: Red Hat OpenStack Platform (openstack-cinder) security update. Type/Severity: Security Advisory: Important. Topic: An update for openstack-cinder is now available for Red Hat OpenStack Platform. Red ...
Synopsis: Important: Red Hat OpenStack Platform (openstack-nova) security update. Type/Severity: Security Advisory: Important. Topic: An update for openstack-nova is now available for Red Hat OpenStack Platform. Red Hat Product S ...
Synopsis: Important: Red Hat OpenStack Platform (openstack-glance) security update. Type/Severity: Security Advisory: Important. Topic: An update for openstack-glance is now available for Red Hat OpenStack Platform. Red ...
Guillaume Espanel, Pierre Libeau, Arnaud Morin and Damien Rannou discovered that missing input sanitising in the handling of VMDK images in Glance, the OpenStack image registry and delivery service, may result in information disclosure. For the stable distribution (bullseye), this problem has been fixed in version 2:2100-2+deb11u1. We recommend t ...
Guillaume Espanel, Pierre Libeau, Arnaud Morin and Damien Rannou discovered that missing input sanitising in the handling of VMDK images in Cinder, the OpenStack block storage system, may result in information disclosure. For the stable distribution (bullseye), this problem has been fixed in version 2:1701-1+deb11u1. We recommend that you upgrade ...
Guillaume Espanel, Pierre Libeau, Arnaud Morin and Damien Rannou discovered that missing input sanitising in the handling of VMDK images in OpenStack Compute (codenamed Nova) may result in information disclosure. For the stable distribution (bullseye), this problem has been fixed in version 2:2201-2+deb11u1. We recommend that you upgrade your nov ...
Description: A flaw was found in OpenStack-nova, Openstack-glance, and Openstack-cinder. By supplying a specially created VMDK flat image that references a specific backing file path, an authenticated user may convince systems to return a copy of that file's contents from the server, resulting in unauthorized access to potentially sensitive da ...