Home > Vulnerability Database > CVE-2022-47951

Mend.io Vulnerability Database

CVE-2022-47951

Good to know:

Date: January 26, 2023

An issue was discovered in OpenStack Cinder before 19.1.2, 20.x before 20.0.2, and 21.0.0; Glance before 23.0.1, 24.x before 24.1.1, and 25.0.0; and Nova before 24.1.2, 25.x before 25.0.2, and 26.0.0. By supplying a specially created VMDK flat image that references a specific backing file path, an authenticated user may convince systems to return a copy of that file's contents from the server, resulting in unauthorized access to potentially sensitive data.

Language: Python

Severity Score

5.7

Related Resources (11)

Url: https://security-tracker.debian.org/tracker/CVE-2022-47951

Url: https://lists.debian.org/debian-lts-announce/2023/01/msg00041.html

Url: https://launchpad.net/bugs/1996188

Url: https://security.openstack.org/ossa/OSSA-2023-002.html

Url: https://lists.debian.org/debian-lts-announce/2023/01/msg00040.html

Url: https://www.debian.org/security/2023/dsa-5336

Url: https://lists.debian.org/debian-lts-announce/2023/01/msg00042.html

Url: https://nvd.nist.gov/vuln/detail/CVE-2022-47951

Url: https://www.debian.org/security/2023/dsa-5337

Url: https://www.debian.org/security/2023/dsa-5338

Url: https://www.mend.io/vulnerability-database/CVE-2022-47951

Severity Score

5.7

Weakness Type (CWE)

Path Traversal

CWE-22

Top Fix

Upgrade Version

Upgrade to version cinder - 19.2.0,20.1.0,21.1.0 glance - 23.1.0,24.2.0, nova - 24.2.0,25.1.0

Learn More

CVSS v3.1

Base Score:	5.7
Attack Vector (AV):	NETWORK
Attack Complexity (AC):	LOW
Privileges Required (PR):	LOW
User Interaction (UI):	REQUIRED
Scope (S):	UNCHANGED
Confidentiality (C):	HIGH
Integrity (I):	NONE
Availability (A):	NONE

Mend.io Vulnerability Database

We found results for “”

CVE-2022-47951

Good to know:

Date: January 26, 2023

Language: Python

Severity Score

Related Resources (11)

Severity Score

Weakness Type (CWE)

Top Fix

Upgrade Version

CVSS v3.1

Do you need more information?