CVE-2022-47951

An issue was discovered in OpenStack Cinder before 19.1.2, 20.x before 20.0.2, and 21.0.0; Glance before 23.0.1, 24.x before 24.1.1, and 25.0.0; and Nova before 24.1.2, 25.x before 25.0.2, and 26.0.0. By supplying a specially created VMDK flat image that references a specific backing file path, an authenticated user may convince systems to return a copy of that file's contents from the server, resulting in unauthorized access to potentially sensitive data. The mechanism is that a flat VMDK is a plain-text descriptor whose extent line names the data file by path; when the service converts the image with qemu-img (for example to raw), qemu-img reads that host file as the disk's contents, so any file readable by the service's user account can be retrieved as an image or volume. Tracked upstream as OSSA-2023-002.
Path Traversal
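The check a deployer would want in front of qemu-img, as an added example that is not OpenStack's own code: it pulls the text descriptor out of an uploaded VMDK (bare text for flat images, behind the KDMV header for sparse ones), then rejects the image if its createType is outside an allow-list, if it carries a parentFileNameHint, or if any extent is non-sparse or names a file by a path rather than a bare file name. The allow-list is an assumption modelled on the vmdk_allowed_types default (streamOptimized, monolithicSparse) in the fixed releases; the three sample images are constructed here.

```python
"""Reject VMDK images whose descriptor points qemu-img at files outside the image.

Added example, not OpenStack code. Assumption: ALLOWED_CREATE_TYPES mirrors
the vmdk_allowed_types default of the fixed releases; confirm it for your version.
"""
import re
import struct

ALLOWED_CREATE_TYPES = {"streamOptimized", "monolithicSparse"}  # assumption, see above

# Extent line: <access> <size in sectors> <type> ["<file name>"] [<offset>]
EXTENT_RE = re.compile(
    r'^(RW|RDONLY|NOACCESS)\s+(\d+)\s+'
    r'(VMFSSPARSE|VMFSRDM|VMFSRAW|VMFS|FLAT|SPARSE|ZERO)'
    r'(?:\s+"([^"]*)")?(?:\s+(\d+))?\s*$'
)

# Sparse extent header (first 44 bytes of a sparse VMDK, little-endian):
# magic "KDMV", version, flags, capacity, grainSize, descriptorOffset, descriptorSize
SPARSE_HEADER = struct.Struct("<4sIIQQQQ")
SECTOR = 512


def extract_descriptor(data: bytes) -> str:
    """Sparse VMDKs embed the text descriptor behind a KDMV header;
    flat VMDKs (the vector in this CVE) are the bare text descriptor."""
    if data[:4] == b"KDMV":
        *_, desc_offset, desc_size = SPARSE_HEADER.unpack_from(data, 0)
        start = desc_offset * SECTOR
        raw = data[start:start + desc_size * SECTOR]
        return raw.split(b"\x00", 1)[0].decode("ascii", "replace")
    return data.decode("ascii", "replace")


def parse_descriptor(text: str) -> dict:
    """Pick out createType, parentFileNameHint and the extent lines."""
    info = {"create_type": None, "parent_hint": None, "extents": []}
    for line in text.splitlines():
        line = line.strip()
        if not line or line.startswith("#"):
            continue
        key, sep, value = line.partition("=")
        if sep and key.strip() == "createType":
            info["create_type"] = value.strip().strip('"')
        elif sep and key.strip() == "parentFileNameHint":
            info["parent_hint"] = value.strip().strip('"')
        else:
            m = EXTENT_RE.match(line)
            if m:
                info["extents"].append({"access": m.group(1), "sectors": int(m.group(2)),
                                        "type": m.group(3), "file": m.group(4)})
    return info


def check_vmdk(data: bytes) -> list:
    """Reasons to reject the image; an empty list means it passed."""
    info = parse_descriptor(extract_descriptor(data))
    problems = []
    if info["create_type"] not in ALLOWED_CREATE_TYPES:
        problems.append("createType %r is not allow-listed" % info["create_type"])
    if info["parent_hint"] is not None:
        problems.append("parentFileNameHint names a backing file: %r" % info["parent_hint"])
    for ext in info["extents"]:
        name = ext["file"]
        if name is None:  # ZERO extents carry no file
            continue
        if ext["type"] != "SPARSE":
            # FLAT/VMFS* extents make qemu-img read raw data from whatever file is named
            problems.append("%s extent reads external file %r" % (ext["type"], name))
        parts = re.split(r"[\\/]", name)
        if len(parts) > 1 or ".." in parts:
            problems.append("extent file name %r leaves the image directory" % name)
    return problems


# Constructed sample: a descriptor-only flat VMDK whose extent names a host file.
MALICIOUS_FLAT = b"""# Disk DescriptorFile
version=1
CID=fffffffe
parentCID=ffffffff
createType="monolithicFlat"

# Extent description
RW 2048 FLAT "/etc/passwd" 0

# The Disk Data Base
#DDB
ddb.virtualHWVersion = "4"
"""

# Constructed sample: allow-listed createType, but a backing file via parentFileNameHint.
PARENT_HINT = b"""# Disk DescriptorFile
version=1
CID=fffffffe
parentCID=ffffffff
parentFileNameHint="/etc/shadow"
createType="streamOptimized"
RW 2048 SPARSE "disk.vmdk"
"""

# Constructed sample: benign monolithicSparse image, header in sector 0, descriptor in sector 1.
_SPARSE_DESC = b"""# Disk DescriptorFile
version=1
CID=fffffffe
parentCID=ffffffff
createType="monolithicSparse"

# Extent description
RW 2048 SPARSE "disk.vmdk"
"""
BENIGN_SPARSE = (SPARSE_HEADER.pack(b"KDMV", 1, 3, 2048, 128, 1, 1).ljust(SECTOR, b"\x00")
                 + _SPARSE_DESC.ljust(SECTOR, b"\x00"))

if __name__ == "__main__":
    for label, img in (("flat", MALICIOUS_FLAT), ("hint", PARENT_HINT), ("sparse", BENIGN_SPARSE)):
        print(label, check_vmdk(img) or "OK")
```

Run it over the raw bytes an image-accepting service receives, before anything calls qemu-img. The fixed OpenStack releases enforce the same policy in their own code: they reject images for which qemu-img info reports a backing file and restrict VMDK create types through a vmdk_allowed_types option, so a check like this complements the upgrade rather than replacing it.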
CVSS 3.x base scores

Provider   Type   Base score   Atk. vector   Atk. complexity   Priv. required   Vector
NIST       NIST   5.7 MEDIUM   NETWORK       LOW               LOW              CVSS:3.1/AV:N/AC:L/PR:L/UI:R/S:U/C:H/I:N/A:N
mitre      CNA    ---                                                           ---
CVE        ADP    ---                                                           ---
CISA-ADP   ADP    5.7 MEDIUM   NETWORK       LOW               LOW              CVSS:3.1/AV:N/AC:L/PR:L/UI:R/S:U/C:H/I:N/A:N

EPSS percentile: 64%
Affected versions (x = vulnerable software versions)

Vendor      Product        Version range
openstack   cinder         x < 19.1.2
openstack   cinder         20.0.0 ≤ x < 20.0.2
openstack   glance         x < 23.0.1
openstack   glance         24.0.0 ≤ x < 24.1.1
openstack   nova           x < 24.1.2
openstack   nova           25.0.0 ≤ x < 25.0.2
debian      debian_linux   10.0
debian      debian_linux   11.0
Debian Releases

Product   Codename              Version               Status
cinder    bullseye              2:17.0.1-1+deb11u1    fixed
cinder    bullseye (security)   2:17.4.0-1~deb11u2    fixed
cinder    bookworm              2:21.3.1-1~deb12u1    fixed
cinder    bookworm (security)   2:21.3.1-1~deb12u1    fixed
cinder    sid                   2:25.0.0-1            fixed
glance    bullseye              2:21.0.0-2+deb11u1    fixed
glance    bullseye (security)   2:21.1.0-1+deb11u2    fixed
glance    bookworm              2:25.1.0-2+deb12u1    fixed
glance    bookworm (security)   2:25.1.0-2+deb12u1    fixed
glance    sid                   2:29.0.0-1            fixed
glance    trixie                2:29.0.0-1            fixed
nova      bullseye              2:22.0.1-2+deb11u1    fixed
nova      bullseye (security)   2:22.4.0-1~deb11u5    fixed
nova      bookworm              2:26.2.2-1~deb12u3    fixed
nova      bookworm (security)   2:26.2.2-1~deb12u3    fixed
nova      sid                   2:30.0.0-1            fixed
nova      trixie                2:30.0.0-1            fixed
Ubuntu Releases

Product   Codename   Status         Fixed version
cinder    noble      released       2:21.1.0+git2023012815.c9e65529-0ubuntu1
cinder    mantic     released       2:21.1.0+git2023012815.c9e65529-0ubuntu1
cinder    lunar      released       2:21.1.0+git2023012815.c9e65529-0ubuntu1
cinder    kinetic    released       2:21.1.0-0ubuntu1
cinder    jammy      released       2:20.1.0-0ubuntu1
cinder    focal      released       2:16.4.2-0ubuntu2.1
cinder    bionic     released       2:12.0.10-0ubuntu2.2
cinder    xenial     needed         ---
cinder    trusty     ignored        ---
glance    noble      released       2:26.0.0~b2+git2023012815.907c5626-0ubuntu1
glance    mantic     released       2:26.0.0~b2+git2023012815.907c5626-0ubuntu1
glance    lunar      released       2:26.0.0~b2+git2023012815.907c5626-0ubuntu1
glance    kinetic    released       2:25.0.0-0ubuntu1.1
glance    jammy      released       2:24.1.0-0ubuntu1.1
glance    focal      released       2:20.2.0-0ubuntu1.1
glance    bionic     not-affected   ---
glance    xenial     not-affected   ---
glance    trusty     ignored        ---
nova      noble      released       3:26.1.0+git2023012815.98daf501-0ubuntu1
nova      mantic     released       3:26.1.0+git2023012815.98daf501-0ubuntu1
nova      lunar      released       3:26.1.0+git2023012815.98daf501-0ubuntu1
nova      kinetic    released       3:26.1.0-0ubuntu1
nova      jammy      released       3:25.1.0-0ubuntu1
nova      focal      released       2:21.2.4-0ubuntu2.1
nova      bionic     released       2:17.0.13-0ubuntu5.2
nova      xenial     needed         ---
nova      trusty     ignored        ---
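Turning the Debian and Ubuntu tables above into a host check, as an added example that is not part of this page or of Debian/Ubuntu tooling: the script decides whether an installed cinder, glance or nova package is at or above the fixed version for its suite. Version strings like 2:17.4.0-1~deb11u2 cannot be compared lexically, so it re-implements dpkg's ordering (epoch, then upstream version, then Debian revision; alternating non-digit and digit runs; '~' sorts before the empty string), which makes the check runnable off-host; on a real Debian system `dpkg --compare-versions` is the authoritative implementation. The FIXED table is copied from the page, taking the lower of the two versions marked fixed where a suite has both a point-release and a security row; the dpkg-query listing is a constructed sample.

```python
"""Is the installed OpenStack package at or above the CVE-2022-47951 fix for its suite?

Added example, not Debian/Ubuntu tooling. FIXED is transcribed from the
Debian and Ubuntu tables on this page (assumption: lowest version listed as
fixed per suite is the threshold).
"""

FIXED = {
    "bullseye": {"cinder": "2:17.0.1-1+deb11u1", "glance": "2:21.0.0-2+deb11u1", "nova": "2:22.0.1-2+deb11u1"},
    "bookworm": {"cinder": "2:21.3.1-1~deb12u1", "glance": "2:25.1.0-2+deb12u1", "nova": "2:26.2.2-1~deb12u3"},
    "focal":    {"cinder": "2:16.4.2-0ubuntu2.1", "glance": "2:20.2.0-0ubuntu1.1", "nova": "2:21.2.4-0ubuntu2.1"},
    "jammy":    {"cinder": "2:20.1.0-0ubuntu1", "glance": "2:24.1.0-0ubuntu1.1", "nova": "3:25.1.0-0ubuntu1"},
}


def _order(c):
    """dpkg's character weight: end-of-string and digits 0, letters by code point,
    '~' below everything, other punctuation above all letters."""
    if c is None or c.isdigit():
        return 0
    if c.isalpha():
        return ord(c)
    if c == "~":
        return -1
    return ord(c) + 256


def _verrevcmp(a, b):
    """Compare two upstream-version or revision strings the way dpkg does."""
    i = j = 0
    while i < len(a) or j < len(b):
        first_diff = 0
        # non-digit run: compare character weights
        while (i < len(a) and not a[i].isdigit()) or (j < len(b) and not b[j].isdigit()):
            ac = _order(a[i] if i < len(a) else None)
            bc = _order(b[j] if j < len(b) else None)
            if ac != bc:
                return ac - bc
            i += 1
            j += 1
        # digit run: numeric comparison without int() (arbitrary length)
        while i < len(a) and a[i] == "0":
            i += 1
        while j < len(b) and b[j] == "0":
            j += 1
        while i < len(a) and a[i].isdigit() and j < len(b) and b[j].isdigit():
            if not first_diff:
                first_diff = ord(a[i]) - ord(b[j])
            i += 1
            j += 1
        if i < len(a) and a[i].isdigit():
            return 1   # a has more significant digits
        if j < len(b) and b[j].isdigit():
            return -1
        if first_diff:
            return first_diff
    return 0


def _split(version):
    """'2:17.4.0-1~deb11u2' -> (2, '17.4.0', '1~deb11u2'); missing parts default."""
    epoch, sep, rest = version.partition(":")
    if not sep:
        epoch, rest = "0", version
    upstream, sep, revision = rest.rpartition("-")
    if not sep:
        upstream, revision = rest, ""
    return int(epoch), upstream, revision


def dpkg_compare(v1, v2):
    """Negative if v1 < v2, zero if equal, positive if v1 > v2 (dpkg semantics)."""
    e1, u1, r1 = _split(v1)
    e2, u2, r2 = _split(v2)
    if e1 != e2:
        return (e1 > e2) - (e1 < e2)
    return _verrevcmp(u1, u2) or _verrevcmp(r1, r2)


def is_fixed(suite, package, installed):
    return dpkg_compare(installed, FIXED[suite][package]) >= 0


def audit(suite, dpkg_output):
    """Map each OpenStack source package in a dpkg-query listing to fixed/VULNERABLE.
    Expected input format: dpkg-query -W -f '${source:Package} ${source:Version}\\n'"""
    result = {}
    for line in dpkg_output.splitlines():
        pkg, _, ver = line.partition(" ")
        if pkg in FIXED[suite]:
            result[pkg] = "fixed" if is_fixed(suite, pkg, ver) else "VULNERABLE"
    return result


# Constructed sample listing from a jammy host (not captured from a real system).
SAMPLE_DPKG_OUTPUT = """cinder 2:20.0.0-0ubuntu1
nova 3:25.1.0-0ubuntu1
bash 5.1-6ubuntu1
"""

if __name__ == "__main__":
    print(audit("jammy", SAMPLE_DPKG_OUTPUT))
```

Feed it the output of `dpkg-query -W -f '${source:Package} ${source:Version}\n'` from the host being audited; binary packages such as cinder-volume or nova-compute are reported under their source package name, which is what both tables list. Note that a git-snapshot version like 2:21.1.0+git2023012815.c9e65529-0ubuntu1 sorts above 2:21.1.0-0ubuntu1 because '+' outranks end-of-string, while 2:17.4.0-1~deb11u2 sorts below 2:17.4.0-1 because '~' sorts below it; both follow from `_order`.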