{"api_version":"1","generated_at":"2026-04-23T02:25:04+00:00","cve":"CVE-2022-47951","urls":{"html":"https://cve.report/CVE-2022-47951","api":"https://cve.report/api/cve/CVE-2022-47951.json","docs":"https://cve.report/api","cve_org":"https://www.cve.org/CVERecord?id=CVE-2022-47951","nvd":"https://nvd.nist.gov/vuln/detail/CVE-2022-47951"},"summary":{"title":"CVE-2022-47951","description":"An issue was discovered in OpenStack Cinder before 19.1.2, 20.x before 20.0.2, and 21.0.0; Glance before 23.0.1, 24.x before 24.1.1, and 25.0.0; and Nova before 24.1.2, 25.x before 25.0.2, and 26.0.0. By supplying a specially created VMDK flat image that references a specific backing file path, an authenticated user may convince systems to return a copy of that file's contents from the server, resulting in unauthorized access to potentially sensitive data.","state":"PUBLIC","assigner":"cve@mitre.org","published_at":"2023-01-26 22:15:00","updated_at":"2023-02-06 17:27:00"},"problem_types":["CWE-22"],"metrics":[],"references":[{"url":"https://lists.debian.org/debian-lts-announce/2023/01/msg00040.html","name":"[debian-lts-announce] 20230130 [SECURITY] [DLA 3300-1] glance security update","refsource":"MLIST","tags":[],"title":"[SECURITY] [DLA 3300-1] glance security update","mime":"text/html","httpstatus":"200","archivestatus":"404"},{"url":"https://www.debian.org/security/2023/dsa-5338","name":"DSA-5338","refsource":"DEBIAN","tags":[],"title":"Debian -- Security Information -- DSA-5338-1 cinder","mime":"text/html","httpstatus":"200","archivestatus":"404"},{"url":"https://launchpad.net/bugs/1996188","name":"https://launchpad.net/bugs/1996188","refsource":"MISC","tags":[],"title":"Bug #1996188 “[OSSA-2023-002] Arbitrary file access through cust...” : Bugs : OpenStack Compute (nova)","mime":"text/html","httpstatus":"200","archivestatus":"404"},{"url":"https://www.debian.org/security/2023/dsa-5337","name":"DSA-5337","refsource":"DEBIAN","tags":[],"title":"Debian -- Security Information -- DSA-5337-1 nova","mime":"text/html","httpstatus":"200","archivestatus":"404"},{"url":"https://lists.debian.org/debian-lts-announce/2023/01/msg00042.html","name":"[debian-lts-announce] 20230130 [SECURITY] [DLA 3302-1] nova security update","refsource":"MLIST","tags":[],"title":"[SECURITY] [DLA 3302-1] nova security update","mime":"text/html","httpstatus":"200","archivestatus":"404"},{"url":"https://security.openstack.org/ossa/OSSA-2023-002.html","name":"https://security.openstack.org/ossa/OSSA-2023-002.html","refsource":"CONFIRM","tags":[],"title":"OSSA-2023-002: Arbitrary file access through custom VMDK flat descriptor — OpenStack Security Advisories 0.0.1.dev260 documentation","mime":"text/html","httpstatus":"200","archivestatus":"200"},{"url":"https://www.debian.org/security/2023/dsa-5336","name":"DSA-5336","refsource":"DEBIAN","tags":[],"title":"Debian -- Security Information -- DSA-5336-1 glance","mime":"text/html","httpstatus":"200","archivestatus":"0"},{"url":"https://lists.debian.org/debian-lts-announce/2023/01/msg00041.html","name":"[debian-lts-announce] 20230130 [SECURITY] [DLA 3301-1] cinder security update","refsource":"MLIST","tags":[],"title":"[SECURITY] [DLA 3301-1] cinder security update","mime":"text/html","httpstatus":"200","archivestatus":"404"},{"url":"https://www.cve.org/CVERecord?id=CVE-2022-47951","name":"CVE Program record","refsource":"CVE.ORG","tags":["canonical"]},{"url":"https://nvd.nist.gov/vuln/detail/CVE-2022-47951","name":"NVD vulnerability detail","refsource":"NVD","tags":["canonical","analysis"]}],"affected":[],"timeline":[],"solutions":[],"workarounds":[],"exploits":[],"credits":[],"nvd_cpes":[{"cve_year":"2022","cve_id":"47951","vulnerable":"1","versionEndIncluding":"","cpe1":"cpe","cpe2":"2.3","cpe3":"o","cpe4":"debian","cpe5":"debian_linux","cpe6":"10.0","cpe7":"*","cpe8":"*","cpe9":"*","cpe10":"*","cpe11":"*","cpe12":"*","cpe13":"*"},{"cve_year":"2022","cve_id":"47951","vulnerable":"1","versionEndIncluding":"","cpe1":"cpe","cpe2":"2.3","cpe3":"o","cpe4":"debian","cpe5":"debian_linux","cpe6":"11.0","cpe7":"*","cpe8":"*","cpe9":"*","cpe10":"*","cpe11":"*","cpe12":"*","cpe13":"*"},{"cve_year":"2022","cve_id":"47951","vulnerable":"1","versionEndIncluding":"","cpe1":"cpe","cpe2":"2.3","cpe3":"a","cpe4":"openstack","cpe5":"cinder","cpe6":"*","cpe7":"*","cpe8":"*","cpe9":"*","cpe10":"*","cpe11":"*","cpe12":"*","cpe13":"*"},{"cve_year":"2022","cve_id":"47951","vulnerable":"1","versionEndIncluding":"19.1.2","cpe1":"cpe","cpe2":"2.3","cpe3":"a","cpe4":"openstack","cpe5":"cinder","cpe6":"*","cpe7":"*","cpe8":"*","cpe9":"*","cpe10":"*","cpe11":"*","cpe12":"*","cpe13":"*"},{"cve_year":"2022","cve_id":"47951","vulnerable":"1","versionEndIncluding":"","cpe1":"cpe","cpe2":"2.3","cpe3":"a","cpe4":"openstack","cpe5":"glance","cpe6":"*","cpe7":"*","cpe8":"*","cpe9":"*","cpe10":"*","cpe11":"*","cpe12":"*","cpe13":"*"},{"cve_year":"2022","cve_id":"47951","vulnerable":"1","versionEndIncluding":"","cpe1":"cpe","cpe2":"2.3","cpe3":"a","cpe4":"openstack","cpe5":"nova","cpe6":"*","cpe7":"*","cpe8":"*","cpe9":"*","cpe10":"*","cpe11":"*","cpe12":"*","cpe13":"*"}],"vendor_comments":[],"enrichments":{"kev":null,"epss":null,"legacy_qids":[{"cve":"CVE-2022-47951","qid":"181521","title":"Debian Security Update for cinder (DLA 3301-1)"},{"cve":"CVE-2022-47951","qid":"181528","title":"Debian Security Update for glance (DLA 3300-1)"},{"cve":"CVE-2022-47951","qid":"181529","title":"Debian Security Update for nova (DLA 3302-1)"},{"cve":"CVE-2022-47951","qid":"181536","title":"Debian Security Update for nova (DSA 5337-1)"},{"cve":"CVE-2022-47951","qid":"181537","title":"Debian Security Update for glance (DSA 5336-1)"},{"cve":"CVE-2022-47951","qid":"181538","title":"Debian Security Update for cinder (DSA 5338-1)"},{"cve":"CVE-2022-47951","qid":"184088","title":"Debian Security Update for novaglancecinder (CVE-2022-47951)"},{"cve":"CVE-2022-47951","qid":"199140","title":"Ubuntu Security Notification for Nova Vulnerability (USN-5835-3)"},{"cve":"CVE-2022-47951","qid":"199141","title":"Ubuntu Security Notification for OpenStack Glance Vulnerability (USN-5835-2)"},{"cve":"CVE-2022-47951","qid":"199142","title":"Ubuntu Security Notification for Cinder Vulnerability (USN-5835-1)"},{"cve":"CVE-2022-47951","qid":"199162","title":"Ubuntu Security Notification for Nova Vulnerability (USN-5835-5)"},{"cve":"CVE-2022-47951","qid":"199163","title":"Ubuntu Security Notification for Cinder Vulnerability (USN-5835-4)"},{"cve":"CVE-2022-47951","qid":"241231","title":"Red Hat Update for OpenStack Platform 17.0 (RHSA-2023:1015)"},{"cve":"CVE-2022-47951","qid":"241232","title":"Red Hat Update for OpenStack Platform 17.0 (RHSA-2023:1016)"},{"cve":"CVE-2022-47951","qid":"241235","title":"Red Hat Update for OpenStack Platform 17.0 (RHSA-2023:1017)"},{"cve":"CVE-2022-47951","qid":"241264","title":"Red Hat Update for multiple OpenStack Platforms (RHSA-2023:1279)"},{"cve":"CVE-2022-47951","qid":"241265","title":"Red Hat Update for multiple OpenStack Platforms (RHSA-2023:1278)"},{"cve":"CVE-2022-47951","qid":"241270","title":"Red Hat Update for multiple OpenStack Platforms (RHSA-2023:1280)"},{"cve":"CVE-2022-47951","qid":"691112","title":"Free Berkeley Software Distribution (FreeBSD) Security Update for py (a0509648-65ce-4a1b-855e-520a75bd2549)"}]},"source_records":{"cve_program":{"CVE_data_meta":{"ASSIGNER":"cve@mitre.org","ID":"CVE-2022-47951","STATE":"PUBLIC"},"affects":{"vendor":{"vendor_data":[{"product":{"product_data":[{"product_name":"n/a","version":{"version_data":[{"version_value":"n/a"}]}}]},"vendor_name":"n/a"}]}},"data_format":"MITRE","data_type":"CVE","data_version":"4.0","description":{"description_data":[{"lang":"eng","value":"An issue was discovered in OpenStack Cinder before 19.1.2, 20.x before 20.0.2, and 21.0.0; Glance before 23.0.1, 24.x before 24.1.1, and 25.0.0; and Nova before 24.1.2, 25.x before 25.0.2, and 26.0.0. By supplying a specially created VMDK flat image that references a specific backing file path, an authenticated user may convince systems to return a copy of that file's contents from the server, resulting in unauthorized access to potentially sensitive data."}]},"problemtype":{"problemtype_data":[{"description":[{"lang":"eng","value":"n/a"}]}]},"references":{"reference_data":[{"url":"https://launchpad.net/bugs/1996188","refsource":"MISC","name":"https://launchpad.net/bugs/1996188"},{"refsource":"CONFIRM","name":"https://security.openstack.org/ossa/OSSA-2023-002.html","url":"https://security.openstack.org/ossa/OSSA-2023-002.html"},{"refsource":"MLIST","name":"[debian-lts-announce] 20230130 [SECURITY] [DLA 3300-1] glance security update","url":"https://lists.debian.org/debian-lts-announce/2023/01/msg00040.html"},{"refsource":"MLIST","name":"[debian-lts-announce] 20230130 [SECURITY] [DLA 3301-1] cinder security update","url":"https://lists.debian.org/debian-lts-announce/2023/01/msg00041.html"},{"refsource":"MLIST","name":"[debian-lts-announce] 20230130 [SECURITY] [DLA 3302-1] nova security update","url":"https://lists.debian.org/debian-lts-announce/2023/01/msg00042.html"},{"refsource":"DEBIAN","name":"DSA-5336","url":"https://www.debian.org/security/2023/dsa-5336"},{"refsource":"DEBIAN","name":"DSA-5338","url":"https://www.debian.org/security/2023/dsa-5338"},{"refsource":"DEBIAN","name":"DSA-5337","url":"https://www.debian.org/security/2023/dsa-5337"}]}},"nvd":{"publishedDate":"2023-01-26 22:15:00","lastModifiedDate":"2023-02-06 17:27:00","problem_types":["CWE-22"],"metrics":{"baseMetricV3":{"cvssV3":{"version":"3.1","vectorString":"CVSS:3.1/AV:N/AC:L/PR:L/UI:R/S:U/C:H/I:N/A:N","attackVector":"NETWORK","attackComplexity":"LOW","privilegesRequired":"LOW","userInteraction":"REQUIRED","scope":"UNCHANGED","confidentialityImpact":"HIGH","integrityImpact":"NONE","availabilityImpact":"NONE","baseScore":5.7,"baseSeverity":"MEDIUM"},"exploitabilityScore":2.1,"impactScore":3.6}},"configurations":{"CVE_data_version":"4.0","nodes":[{"operator":"OR","children":[],"cpe_match":[{"vulnerable":true,"cpe23Uri":"cpe:2.3:a:openstack:nova:*:*:*:*:*:*:*:*","versionStartIncluding":"25.0.0","versionEndExcluding":"25.0.2","cpe_name":[]},{"vulnerable":true,"cpe23Uri":"cpe:2.3:a:openstack:glance:*:*:*:*:*:*:*:*","versionStartIncluding":"24.0.0","versionEndExcluding":"24.1.1","cpe_name":[]},{"vulnerable":true,"cpe23Uri":"cpe:2.3:a:openstack:cinder:*:*:*:*:*:*:*:*","versionStartIncluding":"20.0.0","versionEndExcluding":"20.0.2","cpe_name":[]},{"vulnerable":true,"cpe23Uri":"cpe:2.3:a:openstack:cinder:*:*:*:*:*:*:*:*","versionEndIncluding":"19.1.2","cpe_name":[]},{"vulnerable":true,"cpe23Uri":"cpe:2.3:a:openstack:nova:*:*:*:*:*:*:*:*","versionEndExcluding":"24.1.2","cpe_name":[]},{"vulnerable":true,"cpe23Uri":"cpe:2.3:a:openstack:glance:*:*:*:*:*:*:*:*","versionEndExcluding":"23.0.1","cpe_name":[]}]},{"operator":"OR","children":[],"cpe_match":[{"vulnerable":true,"cpe23Uri":"cpe:2.3:o:debian:debian_linux:10.0:*:*:*:*:*:*:*","cpe_name":[]},{"vulnerable":true,"cpe23Uri":"cpe:2.3:o:debian:debian_linux:11.0:*:*:*:*:*:*:*","cpe_name":[]}]}]}},"legacy_mitre":{"record":null,"notes":[]}}}