CVE-2022-47951
Published on: Not Yet Published
Last Modified on: 01/26/2023 10:11:38 PM UTC
The following vulnerability was found:
An issue was discovered in OpenStack Cinder before 19.1.2, 20.x before 20.0.2, and 21.0.0; Glance before 23.0.1, 24.x before 24.1.1, and 25.0.0; and Nova before 24.1.2, 25.x before 25.0.2, and 26.0.0. By supplying a specially created VMDK flat image that references a specific backing file path, an authenticated user may convince systems to return a copy of that file's contents from the server, resulting in unauthorized access to potentially sensitive data.
- CVE-2022-47951 has been assigned by
[email protected] to track the vulnerability
CVE References
Description | Tags ⓘ | Link |
---|---|---|
Bug #1996188 “[OSSA-2023-002] Arbitrary file access through cust...” : Bugs : OpenStack Compute (nova) | launchpad.net text/html |
![]() |
OSSA-2023-002: Arbitrary file access through custom VMDK flat descriptor — OpenStack Security Advisories 0.0.1.dev260 documentation | security.openstack.org text/html |
![]() |
There are currently no QIDs associated with this CVE
There are no known software configurations (CPEs) currently associated with this CVE
No vendor comments have been submitted for this CVE
Social Mentions
Source | Title | Posted (UTC) |
---|---|---|
![]() |
@OVHcloud found a vulnerability (CVE-2022-47951) in the VMDK image processing code in @OpenStack Cinder, Glance and… twitter.com/i/web/status/1… | 2023-01-24 16:09:36 |
![]() |
[OSSA-2023-002] Cinder, Glance, Nova: Arbitrary file access through custom VMDK flat descriptor (CVE-2022-47951): P… twitter.com/i/web/status/1… | 2023-01-24 17:32:04 |
![]() |
via feed: Sovereign Cloud Stack Security Advisory VMDK image processing (CVE-2022-47951) scs.community/security/2023/… Th… twitter.com/i/web/status/1… | 2023-01-24 19:10:15 |