CVE-2022-47951

See a problem?
Please try reporting it to the source first.
Source
https://cve.org/CVERecord?id=CVE-2022-47951
Import Source
https://storage.googleapis.com/osv-test-cve-osv-conversion/osv-output/CVE-2022-47951.json
JSON Data
https://api.test.osv.dev/v1/vulns/CVE-2022-47951
Aliases
Downstream
Related
Published
2023-01-26T22:15:25.823Z
Modified
2026-03-20T12:20:32.291703Z
Severity
  • 5.7 (Medium) CVSS_V3 - CVSS:3.1/AV:N/AC:L/PR:L/UI:R/S:U/C:H/I:N/A:N CVSS Calculator
Summary
[none]
Details

An issue was discovered in OpenStack Cinder before 19.1.2, 20.x before 20.0.2, and 21.0.0; Glance before 23.0.1, 24.x before 24.1.1, and 25.0.0; and Nova before 24.1.2, 25.x before 25.0.2, and 26.0.0. By supplying a specially created VMDK flat image that references a specific backing file path, an authenticated user may convince systems to return a copy of that file's contents from the server, resulting in unauthorized access to potentially sensitive data.

References

Affected packages

Git / github.com/openstack/cinder

Affected ranges

Type
GIT
Repo
https://github.com/openstack/cinder
Events
Introduced
0 Unknown introduced commit / All previous commits are affected
Last affected
20fba8389185c166cd879b797ed3548898601c9a
Introduced
0 Unknown introduced commit / All previous commits are affected
Last affected
7524a44ebb13b76cf42adee0bfff4d999f8dfbb5
Database specific 
{
    "versions": [
        {
            "introduced": "0"
        },
        {
            "last_affected": "10.0"
        },
        {
            "introduced": "0"
        },
        {
            "last_affected": "11.0"
        }
    ]
}
Type
GIT
Repo
https://github.com/openstack/nova
Events
Introduced
0 Unknown introduced commit / All previous commits are affected
Fixed
a5ce4d806172f9d144633f297163e088c8ed1491
Introduced
928d3feffd674a842d4bb4348d2f0e0d7e93a8a5
Fixed
3872647092353229302919d305758f3fc777277f
Database specific 
{
    "versions": [
        {
            "introduced": "0"
        },
        {
            "fixed": "23.0.1"
        },
        {
            "introduced": "24.0.0"
        },
        {
            "fixed": "24.1.1"
        }
    ]
}

Database specific

unresolved_ranges 
[
    {
        "events": [
            {
                "introduced": "0"
            },
            {
                "last_affected": "19.1.2"
            }
        ]
    },
    {
        "events": [
            {
                "introduced": "20.0.0"
            },
            {
                "fixed": "20.0.2"
            }
        ]
    },
    {
        "events": [
            {
                "introduced": "0"
            },
            {
                "fixed": "24.1.2"
            }
        ]
    },
    {
        "events": [
            {
                "introduced": "25.0.0"
            },
            {
                "fixed": "25.0.2"
            }
        ]
    }
]
source 
"https://storage.googleapis.com/osv-test-cve-osv-conversion/osv-output/CVE-2022-47951.json"