CVE-2022-47951

See a problem?
Please try reporting it to the source first.

Source

https://nvd.nist.gov/vuln/detail/CVE-2022-47951

Import Source

https://storage.googleapis.com/cve-osv-conversion/osv-output/CVE-2022-47951.json

JSON Data

https://api.osv.dev/v1/vulns/CVE-2022-47951

Aliases

GHSA-7h75-hwxx-qpgc

Related

Published

2023-01-26T22:15:25Z

Modified

2024-11-17T10:51:01.884635Z

Severity

5.7 (Medium) CVSS_V3 - CVSS:3.1/AV:N/AC:L/PR:L/UI:R/S:U/C:H/I:N/A:N CVSS Calculator

Summary

[none]

Details

An issue was discovered in OpenStack Cinder before 19.1.2, 20.x before 20.0.2, and 21.0.0; Glance before 23.0.1, 24.x before 24.1.1, and 25.0.0; and Nova before 24.1.2, 25.x before 25.0.2, and 26.0.0. By supplying a specially created VMDK flat image that references a specific backing file path, an authenticated user may convince systems to return a copy of that file's contents from the server, resulting in unauthorized access to potentially sensitive data.

References

Affected packages

Debian:11 / cinder

Package

Name: cinder
Purl: pkg:deb/debian/cinder?arch=source

Affected ranges

Type: ECOSYSTEM
Events: Introduced

0Unknown introduced version / All previous versions are affected

Fixed

2:17.0.1-1+deb11u1

Affected versions

2:17.*

2:17.0.1-1

Ecosystem specific

{
    "urgency": "not yet assigned"
}

Debian:12 / cinder

Package

Name: cinder
Purl: pkg:deb/debian/cinder?arch=source

Affected ranges

Type: ECOSYSTEM
Events: Introduced

0Unknown introduced version / All previous versions are affected

Fixed

2:21.0.0-3

Ecosystem specific

{
    "urgency": "not yet assigned"
}

Debian:13 / cinder

Package

Name: cinder
Purl: pkg:deb/debian/cinder?arch=source

Affected ranges

Type: ECOSYSTEM
Events: Introduced

0Unknown introduced version / All previous versions are affected

Fixed

2:21.0.0-3

Ecosystem specific

{
    "urgency": "not yet assigned"
}

Debian:11 / glance

Package

Name: glance
Purl: pkg:deb/debian/glance?arch=source

Affected ranges

Type: ECOSYSTEM
Events: Introduced

0Unknown introduced version / All previous versions are affected

Fixed

2:21.0.0-2+deb11u1

Affected versions

2:21.*

2:21.0.0-2

Ecosystem specific

{
    "urgency": "not yet assigned"
}

Debian:12 / glance

Package

Name: glance
Purl: pkg:deb/debian/glance?arch=source

Affected ranges

Type: ECOSYSTEM
Events: Introduced

0Unknown introduced version / All previous versions are affected

Fixed

2:25.0.0-2

Ecosystem specific

{
    "urgency": "not yet assigned"
}

Debian:13 / glance

Package

Name: glance
Purl: pkg:deb/debian/glance?arch=source

Affected ranges

Type: ECOSYSTEM
Events: Introduced

0Unknown introduced version / All previous versions are affected

Fixed

2:25.0.0-2

Ecosystem specific

{
    "urgency": "not yet assigned"
}

Debian:11 / nova

Package

Name: nova
Purl: pkg:deb/debian/nova?arch=source

Affected ranges

Type: ECOSYSTEM
Events: Introduced

0Unknown introduced version / All previous versions are affected

Fixed

2:22.0.1-2+deb11u1

Affected versions

2:22.*

2:22.0.1-2

Ecosystem specific

{
    "urgency": "not yet assigned"
}

Debian:12 / nova

Package

Name: nova
Purl: pkg:deb/debian/nova?arch=source

Affected ranges

Type: ECOSYSTEM
Events: Introduced

0Unknown introduced version / All previous versions are affected

Fixed

2:26.0.0-6

Ecosystem specific

{
    "urgency": "not yet assigned"
}

Debian:13 / nova

Package

Name: nova
Purl: pkg:deb/debian/nova?arch=source

Affected ranges

Type: ECOSYSTEM
Events: Introduced

0Unknown introduced version / All previous versions are affected

Fixed

2:26.0.0-6

Ecosystem specific

{
    "urgency": "not yet assigned"
}

Git / github.com/openstack/nova

Affected ranges

Type: GIT
Repo: https://github.com/openstack/nova
Events: Introduced

0 Unknown introduced commit / All previous commits are affected

Fixed

a5ce4d806172f9d144633f297163e088c8ed1491

Affected versions

0.*

0.9.0

12.*

12.0.0

12.0.0.0b1

12.0.0.0b2

12.0.0.0b3

12.0.0.0rc1

12.0.0.0rc2

12.0.0.0rc3

12.0.0a0

13.*

13.0.0

13.0.0.0b1

13.0.0.0b2

13.0.0.0b3

13.0.0.0rc1

13.0.0.0rc2

13.0.0.0rc3

14.*

14.0.0.0b1

14.0.0.0b2

14.0.0.0b3

14.0.0.0rc1

15.*

15.0.0.0b1

15.0.0.0b2

15.0.0.0b3

15.0.0.0rc1

16.*

16.0.0.0b1

16.0.0.0b2

16.0.0.0b3

16.0.0.0rc1

17.*

17.0.0.0b1

17.0.0.0b2

17.0.0.0b3

17.0.0.0rc1

18.*

18.0.0.0b1

18.0.0.0b2

18.0.0.0b3

18.0.0.0rc1

19.*

19.0.0.0rc1

20.*

20.0.0.0rc1

2010.*

2010.1

2011.*

2011.1

2011.1rc1

2011.2

2011.2gamma1

2011.2rc1

2013.*

2013.1.rc1

2013.2.b3

2013.2.rc1

2014.*

2014.1.b1

2014.1.b2

2014.1.b3

2014.1.rc1

2014.2

2014.2.b1

2014.2.b2

2014.2.b3

2014.2.rc1

2014.2.rc2

2015.*

2015.1.0

2015.1.0b1

2015.1.0b2

2015.1.0b3

2015.1.0rc1

2015.1.0rc2

2015.1.0rc3

21.*

21.0.0.0rc1

22.*

22.0.0

22.0.0.0rc1

23.*

23.0.0

23.0.0.0rc1

23.0.0.0rc2

Other

diablo-1

diablo-2

essex-1

folsom-1

folsom-2