CVE 2022-47951
An issue was discovered in OpenStack Cinder before 19.1.2, 20.x before 20.0.2, and 21.0.0; Glance before 23.0.1, 24.x before 24.1.1, and 25.0.0; and Nova before 24.1.2, 25.x before 25.0.2, and 26.0.0. By supplying a specially created VMDK flat image that references a specific backing file path, an authenticated user may convince systems to return a copy of that file's contents from the server, resulting in unauthorized access to potentially sensitive data.
Related bugs and status
CVE-2022-47951 (Candidate) is related to these bugs:
Bug #1996188: [OSSA-2023-002] Arbitrary file access through custom VMDK flat descriptor (CVE-2022-47951)
Bug | Summary | In | Importance | Status
---|---|---|---|---
1996188 | [OSSA-2023-002] Arbitrary file access through custom VMDK flat descriptor (CVE-2022-47951) | OpenStack Compute (nova) | Critical | Fix Released
1996188 | [OSSA-2023-002] Arbitrary file access through custom VMDK flat descriptor (CVE-2022-47951) | OpenStack Security Advisory | High | Fix Released
1996188 | [OSSA-2023-002] Arbitrary file access through custom VMDK flat descriptor (CVE-2022-47951) | Cinder | Critical | Fix Released
1996188 | [OSSA-2023-002] Arbitrary file access through custom VMDK flat descriptor (CVE-2022-47951) | Glance | Undecided | Fix Released
Bug #2008064: image_utils: ImageUnacceptable exception during creating volume
Bug | Summary | In | Importance | Status
---|---|---|---|---
2008064 | image_utils: ImageUnacceptable exception during creating volume | tacker | Undecided | Fix Released
Bug #2011709: [SRU] zed stable releases
Bug | Summary | In | Importance | Status
---|---|---|---|---
2011709 | [SRU] zed stable releases | Ubuntu Cloud Archive | Undecided | Invalid
2011709 | [SRU] zed stable releases | Ubuntu Cloud Archive zed | High | Fix Released
2011709 | [SRU] zed stable releases | glance (Ubuntu) | Undecided | Invalid
2011709 | [SRU] zed stable releases | glance (Ubuntu Kinetic) | High | Fix Released
2011709 | [SRU] zed stable releases | neutron (Ubuntu) | Undecided | Invalid
2011709 | [SRU] zed stable releases | neutron (Ubuntu Kinetic) | High | Fix Released
Bug #2011713: [SRU] yoga stable releases
Bug | Summary | In | Importance | Status
---|---|---|---|---
2011713 | [SRU] yoga stable releases | Ubuntu Cloud Archive | Undecided | Invalid
2011713 | [SRU] yoga stable releases | Ubuntu Cloud Archive yoga | High | Fix Released
2011713 | [SRU] yoga stable releases | glance (Ubuntu) | Undecided | Invalid
2011713 | [SRU] yoga stable releases | glance (Ubuntu Jammy) | High | Fix Released
2011713 | [SRU] yoga stable releases | neutron (Ubuntu) | Undecided | Invalid
2011713 | [SRU] yoga stable releases | neutron (Ubuntu Jammy) | High | Fix Released
Bug #2011714: [SRU] xena stable releases
Bug | Summary | In | Importance | Status
---|---|---|---|---
2011714 | [SRU] xena stable releases | Ubuntu Cloud Archive | Undecided | Invalid
2011714 | [SRU] xena stable releases | Ubuntu Cloud Archive xena | High | Fix Released
See the CVE page on Mitre.org for more details.