CVE-2022-47951

Published on: Not Yet Published

Last Modified on: 02/06/2023 05:27:00 PM UTC

CVSS:3.1/AV:N/AC:L/PR:L/UI:R/S:U/C:H/I:N/A:N

Certain versions of Debian Linux from Debian contain the following vulnerability:

An issue was discovered in OpenStack Cinder before 19.1.2, 20.x before 20.0.2, and 21.0.0; Glance before 23.0.1, 24.x before 24.1.1, and 25.0.0; and Nova before 24.1.2, 25.x before 25.0.2, and 26.0.0. By supplying a specially created VMDK flat image that references a specific backing file path, an authenticated user may convince systems to return a copy of that file's contents from the server, resulting in unauthorized access to potentially sensitive data.

  • CVE-2022-47951 has been assigned by URL Logo [email protected] to track the vulnerability - currently rated as MEDIUM severity.

CVSS3 Score: 5.7 - MEDIUM

Attack
Vector
Attack
Complexity
Privileges
Required
User
Interaction
NETWORK LOW LOW REQUIRED
Scope Confidentiality
Impact
Integrity
Impact
Availability
Impact
UNCHANGED HIGH NONE NONE

CVE References

Description Tags Link
[SECURITY] [DLA 3300-1] glance security update lists.debian.org
text/html
URL Logo MLIST [debian-lts-announce] 20230130 [SECURITY] [DLA 3300-1] glance security update
Debian -- Security Information -- DSA-5338-1 cinder www.debian.org
Depreciated Link
text/html
URL Logo DEBIAN DSA-5338
Bug #1996188 “[OSSA-2023-002] Arbitrary file access through cust...” : Bugs : OpenStack Compute (nova) launchpad.net
text/html
URL Logo MISC launchpad.net/bugs/1996188
Debian -- Security Information -- DSA-5337-1 nova www.debian.org
Depreciated Link
text/html
URL Logo DEBIAN DSA-5337
[SECURITY] [DLA 3302-1] nova security update lists.debian.org
text/html
URL Logo MLIST [debian-lts-announce] 20230130 [SECURITY] [DLA 3302-1] nova security update
OSSA-2023-002: Arbitrary file access through custom VMDK flat descriptor — OpenStack Security Advisories 0.0.1.dev260 documentation security.openstack.org
text/html
URL Logo CONFIRM security.openstack.org/ossa/OSSA-2023-002.html
Debian -- Security Information -- DSA-5336-1 glance www.debian.org
Depreciated Link
text/html
URL Logo DEBIAN DSA-5336
[SECURITY] [DLA 3301-1] cinder security update lists.debian.org
text/html
URL Logo MLIST [debian-lts-announce] 20230130 [SECURITY] [DLA 3301-1] cinder security update

Related QID Numbers

  • 181521 Debian Security Update for cinder (DLA 3301-1)
  • 181528 Debian Security Update for glance (DLA 3300-1)
  • 181529 Debian Security Update for nova (DLA 3302-1)
  • 181536 Debian Security Update for nova (DSA 5337-1)
  • 181537 Debian Security Update for glance (DSA 5336-1)
  • 181538 Debian Security Update for cinder (DSA 5338-1)
  • 199140 Ubuntu Security Notification for Nova Vulnerability (USN-5835-3)
  • 199141 Ubuntu Security Notification for OpenStack Glance Vulnerability (USN-5835-2)
  • 199142 Ubuntu Security Notification for Cinder Vulnerability (USN-5835-1)
  • 199162 Ubuntu Security Notification for Nova Vulnerability (USN-5835-5)
  • 199163 Ubuntu Security Notification for Cinder Vulnerability (USN-5835-4)
  • 241231 Red Hat Update for OpenStack Platform 17.0 (RHSA-2023:1015)
  • 241232 Red Hat Update for OpenStack Platform 17.0 (RHSA-2023:1016)
  • 241235 Red Hat Update for OpenStack Platform 17.0 (RHSA-2023:1017)
  • 241264 Red Hat Update for multiple OpenStack Platforms (RHSA-2023:1279)
  • 241265 Red Hat Update for multiple OpenStack Platforms (RHSA-2023:1278)
  • 241270 Red Hat Update for multiple OpenStack Platforms (RHSA-2023:1280)
  • 691112 Free Berkeley Software Distribution (FreeBSD) Security Update for py (a0509648-65ce-4a1b-855e-520a75bd2549)

Exploit/POC from Github

An issue was discovered in OpenStack Cinder before 19.1.2, 20.x before 20.0.2, and 21.0.0; Glance before 23.0.1, 24.x…

Known Affected Configurations (CPE V2.3)

Type Vendor Product Version Update Edition Language
Operating
System
DebianDebian Linux10.0AllAllAll
Operating
System
DebianDebian Linux11.0AllAllAll
ApplicationOpenstackCinderAllAllAllAll
ApplicationOpenstackCinderAllAllAllAll
ApplicationOpenstackGlanceAllAllAllAll
ApplicationOpenstackNovaAllAllAllAll
  • cpe:2.3:o:debian:debian_linux:10.0:*:*:*:*:*:*:*:
  • cpe:2.3:o:debian:debian_linux:11.0:*:*:*:*:*:*:*:
  • cpe:2.3:a:openstack:cinder:*:*:*:*:*:*:*:*:
  • cpe:2.3:a:openstack:cinder:*:*:*:*:*:*:*:*:
  • cpe:2.3:a:openstack:glance:*:*:*:*:*:*:*:*:
  • cpe:2.3:a:openstack:nova:*:*:*:*:*:*:*:*:

Social Mentions

Source Title Posted (UTC)
Twitter Icon @scs_osballiance @OVHcloud found a vulnerability (CVE-2022-47951) in the VMDK image processing code in @OpenStack Cinder, Glance and… twitter.com/i/web/status/1… 2023-01-24 16:09:36
Twitter Icon @oss_security [OSSA-2023-002] Cinder, Glance, Nova: Arbitrary file access through custom VMDK flat descriptor (CVE-2022-47951): P… twitter.com/i/web/status/1… 2023-01-24 17:32:04
Twitter Icon @elburro via feed: Sovereign Cloud Stack Security Advisory VMDK image processing (CVE-2022-47951) scs.community/security/2023/… Th… twitter.com/i/web/status/1… 2023-01-24 19:10:15
Twitter Icon @CVEreport cve.report/CVE-2022-47951 An issue was discovered in OpenStack Cinder before 19.1.2, 20.x before 20.0.2, and 21.0.0;… twitter.com/i/web/status/1… 2023-01-26 23:38:58
Reddit Logo Icon /r/netcve CVE-2022-47951 2023-01-27 00:39:07
© CVE.report 2023 Twitter Nitter Twitter Viewer |

Use of this information constitutes acceptance for use in an AS IS condition. There are NO warranties, implied or otherwise, with regard to this information or its use. Any use of this information is at the user's risk. It is the responsibility of user to evaluate the accuracy, completeness or usefulness of any information, opinion, advice or other content. EACH USER WILL BE SOLELY RESPONSIBLE FOR ANY consequences of his or her direct or indirect use of this web site. ALL WARRANTIES OF ANY KIND ARE EXPRESSLY DISCLAIMED. This site will NOT BE LIABLE FOR ANY DIRECT, INDIRECT or any other kind of loss.

CVE, CWE, and OVAL are registred trademarks of The MITRE Corporation and the authoritative source of CVE content is MITRE's CVE web site. This site includes MITRE data granted under the following license.

CVE.report and Source URL Uptime Status status.cve.report