Vulnerability Details CVE-2022-47951
An issue was discovered in OpenStack Cinder before 19.1.2, 20.x before 20.0.2, and 21.0.0; Glance before 23.0.1, 24.x before 24.1.1, and 25.0.0; and Nova before 24.1.2, 25.x before 25.0.2, and 26.0.0. By supplying a specially created VMDK flat image that references a specific backing file path, an authenticated user may convince systems to return a copy of that file's contents from the server, resulting in unauthorized access to potentially sensitive data.
Exploit prediction scoring system (EPSS) score
EPSS Score 0.005
EPSS Ranking 64.0%
CVSS Severity
CVSS v3 Score 5.7
References
- https://launchpad.net/bugs/1996188
- https://lists.debian.org/debian-lts-announce/2023/01/msg00040.html
- https://lists.debian.org/debian-lts-announce/2023/01/msg00041.html
- https://lists.debian.org/debian-lts-announce/2023/01/msg00042.html
- https://security.openstack.org/ossa/OSSA-2023-002.html
- https://www.debian.org/security/2023/dsa-5336
- https://www.debian.org/security/2023/dsa-5337
- https://www.debian.org/security/2023/dsa-5338
- https://launchpad.net/bugs/1996188
- https://lists.debian.org/debian-lts-announce/2023/01/msg00040.html
- https://lists.debian.org/debian-lts-announce/2023/01/msg00041.html
- https://lists.debian.org/debian-lts-announce/2023/01/msg00042.html
- https://security.openstack.org/ossa/OSSA-2023-002.html
- https://www.debian.org/security/2023/dsa-5336
- https://www.debian.org/security/2023/dsa-5337
- https://www.debian.org/security/2023/dsa-5338
Products affected by CVE-2022-47951
-
cpe:2.3:a:openstack:cinder:10.0.0
-
cpe:2.3:a:openstack:cinder:10.0.2
-
cpe:2.3:a:openstack:cinder:11.0.0
-
cpe:2.3:a:openstack:cinder:11.1.0
-
cpe:2.3:a:openstack:cinder:11.2.0
-
cpe:2.3:a:openstack:cinder:11.2.1
-
cpe:2.3:a:openstack:cinder:11.2.2
-
cpe:2.3:a:openstack:cinder:12.0.0
-
cpe:2.3:a:openstack:cinder:12.0.10
-
cpe:2.3:a:openstack:cinder:12.0.2
-
cpe:2.3:a:openstack:cinder:12.0.5
-
cpe:2.3:a:openstack:cinder:12.0.6
-
cpe:2.3:a:openstack:cinder:12.0.7
-
cpe:2.3:a:openstack:cinder:12.0.7-13
-
cpe:2.3:a:openstack:cinder:12.0.8
-
cpe:2.3:a:openstack:cinder:12.0.9
-
cpe:2.3:a:openstack:cinder:13.0.0
-
cpe:2.3:a:openstack:cinder:13.0.0.0
-
cpe:2.3:a:openstack:cinder:13.0.1
-
cpe:2.3:a:openstack:cinder:13.0.2
-
cpe:2.3:a:openstack:cinder:13.0.3
-
cpe:2.3:a:openstack:cinder:13.0.4
-
cpe:2.3:a:openstack:cinder:13.0.5
-
cpe:2.3:a:openstack:cinder:13.0.5-11
-
cpe:2.3:a:openstack:cinder:13.0.6
-
cpe:2.3:a:openstack:cinder:13.0.7
-
cpe:2.3:a:openstack:cinder:13.0.8
-
cpe:2.3:a:openstack:cinder:13.0.9
-
cpe:2.3:a:openstack:cinder:14.0.0
-
cpe:2.3:a:openstack:cinder:14.0.0-18
-
cpe:2.3:a:openstack:cinder:14.0.0.0
-
cpe:2.3:a:openstack:cinder:14.0.1
-
cpe:2.3:a:openstack:cinder:14.0.2
-
cpe:2.3:a:openstack:cinder:14.0.3
-
cpe:2.3:a:openstack:cinder:14.0.4
-
cpe:2.3:a:openstack:cinder:14.1.0
-
cpe:2.3:a:openstack:cinder:14.2.0
-
cpe:2.3:a:openstack:cinder:14.2.1
-
cpe:2.3:a:openstack:cinder:14.3.0
-
cpe:2.3:a:openstack:cinder:14.3.1
-
cpe:2.3:a:openstack:cinder:15.0.0
-
cpe:2.3:a:openstack:cinder:15.0.0.0
-
cpe:2.3:a:openstack:cinder:15.0.1
-
cpe:2.3:a:openstack:cinder:15.1.0
-
cpe:2.3:a:openstack:cinder:15.2.0
-
cpe:2.3:a:openstack:cinder:15.3.0
-
cpe:2.3:a:openstack:cinder:15.4.0
-
cpe:2.3:a:openstack:cinder:15.4.1
-
cpe:2.3:a:openstack:cinder:15.5.0
-
cpe:2.3:a:openstack:cinder:15.6.0
-
cpe:2.3:a:openstack:cinder:16.0.0
-
cpe:2.3:a:openstack:cinder:16.0.0.0
-
cpe:2.3:a:openstack:cinder:16.1.0
-
cpe:2.3:a:openstack:cinder:16.2.0
-
cpe:2.3:a:openstack:cinder:16.2.1
-
cpe:2.3:a:openstack:cinder:16.3.0
-
cpe:2.3:a:openstack:cinder:16.4.0
-
cpe:2.3:a:openstack:cinder:16.4.1
-
cpe:2.3:a:openstack:cinder:16.4.2
-
cpe:2.3:a:openstack:cinder:17.0.0
-
cpe:2.3:a:openstack:cinder:17.0.0.0
-
cpe:2.3:a:openstack:cinder:17.0.1
-
cpe:2.3:a:openstack:cinder:17.1.0
-
cpe:2.3:a:openstack:cinder:17.2.0
-
cpe:2.3:a:openstack:cinder:17.3.0
-
cpe:2.3:a:openstack:cinder:17.4.0
-
cpe:2.3:a:openstack:cinder:18.0.0
-
cpe:2.3:a:openstack:cinder:18.0.0.0
-
cpe:2.3:a:openstack:cinder:18.1.0
-
cpe:2.3:a:openstack:cinder:18.2.0
-
cpe:2.3:a:openstack:cinder:18.2.1
-
cpe:2.3:a:openstack:cinder:19.0.0
-
cpe:2.3:a:openstack:cinder:19.0.0.0
-
cpe:2.3:a:openstack:cinder:19.1.0
-
cpe:2.3:a:openstack:cinder:19.1.1
-
cpe:2.3:a:openstack:cinder:19.1.2
-
cpe:2.3:a:openstack:cinder:20.0.0
-
cpe:2.3:a:openstack:cinder:20.0.0.0
-
cpe:2.3:a:openstack:cinder:20.0.1
-
cpe:2.3:a:openstack:cinder:7.0.0
-
cpe:2.3:a:openstack:cinder:7.0.2
-
cpe:2.3:a:openstack:cinder:8.0.0
-
cpe:2.3:a:openstack:cinder:8.1.0
-
cpe:2.3:a:openstack:cinder:9.0.0
-
cpe:2.3:a:openstack:cinder:9.1.3
-
cpe:2.3:a:openstack:cinder:9.1.4
-
cpe:2.3:a:openstack:glance:0.1.7
-
cpe:2.3:a:openstack:glance:1.0
-
cpe:2.3:a:openstack:glance:11.0.0
-
cpe:2.3:a:openstack:glance:11.0.1
-
cpe:2.3:a:openstack:glance:11.0.2
-
cpe:2.3:a:openstack:glance:12.0.0
-
cpe:2.3:a:openstack:glance:13.0.0
-
cpe:2.3:a:openstack:glance:14.0.0
-
cpe:2.3:a:openstack:glance:14.0.1
-
cpe:2.3:a:openstack:glance:15.0.0
-
cpe:2.3:a:openstack:glance:15.0.1
-
cpe:2.3:a:openstack:glance:15.0.2
-
cpe:2.3:a:openstack:glance:16.0.0
-
cpe:2.3:a:openstack:glance:16.0.1
-
cpe:2.3:a:openstack:glance:17.0.0
-
cpe:2.3:a:openstack:glance:18.0.0
-
cpe:2.3:a:openstack:glance:19.0.0
-
cpe:2.3:a:openstack:glance:19.0.1
-
cpe:2.3:a:openstack:glance:19.0.2
-
cpe:2.3:a:openstack:glance:19.0.3
-
cpe:2.3:a:openstack:glance:19.0.4
-
cpe:2.3:a:openstack:glance:2.0
-
cpe:2.3:a:openstack:glance:20.0.0
-
cpe:2.3:a:openstack:glance:20.0.0.0
-
cpe:2.3:a:openstack:glance:20.0.1
-
cpe:2.3:a:openstack:glance:20.1.0
-
cpe:2.3:a:openstack:glance:21.0.0
-
cpe:2.3:a:openstack:glance:21.0.0.0
-
cpe:2.3:a:openstack:glance:22.0.0
-
cpe:2.3:a:openstack:glance:22.0.0.0
-
cpe:2.3:a:openstack:glance:22.1.0
-
cpe:2.3:a:openstack:glance:23.0.0
-
cpe:2.3:a:openstack:glance:23.0.0.0
-
cpe:2.3:a:openstack:glance:24.0.0
-
cpe:2.3:a:openstack:glance:24.0.0.0
-
cpe:2.3:a:openstack:glance:24.1.0
-
cpe:2.3:a:openstack:nova:-
-
cpe:2.3:a:openstack:nova:0.9.0
-
cpe:2.3:a:openstack:nova:12.0.0
-
cpe:2.3:a:openstack:nova:12.0.1
-
cpe:2.3:a:openstack:nova:12.0.2
-
cpe:2.3:a:openstack:nova:12.0.3
-
cpe:2.3:a:openstack:nova:12.0.4
-
cpe:2.3:a:openstack:nova:12.0.5
-
cpe:2.3:a:openstack:nova:12.0.6
-
cpe:2.3:a:openstack:nova:13.0.0
-
cpe:2.3:a:openstack:nova:13.1.0
-
cpe:2.3:a:openstack:nova:13.1.1
-
cpe:2.3:a:openstack:nova:13.1.2
-
cpe:2.3:a:openstack:nova:13.1.3
-
cpe:2.3:a:openstack:nova:13.1.4
-
cpe:2.3:a:openstack:nova:14.0.0
-
cpe:2.3:a:openstack:nova:14.0.1
-
cpe:2.3:a:openstack:nova:14.0.10
-
cpe:2.3:a:openstack:nova:14.0.2
-
cpe:2.3:a:openstack:nova:14.0.3
-
cpe:2.3:a:openstack:nova:14.0.4
-
cpe:2.3:a:openstack:nova:14.0.5
-
cpe:2.3:a:openstack:nova:14.0.6
-
cpe:2.3:a:openstack:nova:14.0.7
-
cpe:2.3:a:openstack:nova:14.0.8
-
cpe:2.3:a:openstack:nova:14.0.9
-
cpe:2.3:a:openstack:nova:14.1.0
-
cpe:2.3:a:openstack:nova:15.0.0
-
cpe:2.3:a:openstack:nova:15.0.1
-
cpe:2.3:a:openstack:nova:15.0.2
-
cpe:2.3:a:openstack:nova:15.0.3
-
cpe:2.3:a:openstack:nova:15.0.4
-
cpe:2.3:a:openstack:nova:15.0.5
-
cpe:2.3:a:openstack:nova:15.0.6
-
cpe:2.3:a:openstack:nova:15.0.7
-
cpe:2.3:a:openstack:nova:15.0.8
-
cpe:2.3:a:openstack:nova:15.1.0
-
cpe:2.3:a:openstack:nova:15.1.1
-
cpe:2.3:a:openstack:nova:15.1.2
-
cpe:2.3:a:openstack:nova:15.1.3
-
cpe:2.3:a:openstack:nova:15.1.4
-
cpe:2.3:a:openstack:nova:15.1.5
-
cpe:2.3:a:openstack:nova:16.0.0
-
cpe:2.3:a:openstack:nova:16.0.1
-
cpe:2.3:a:openstack:nova:16.0.2
-
cpe:2.3:a:openstack:nova:16.0.3
-
cpe:2.3:a:openstack:nova:16.0.4
-
cpe:2.3:a:openstack:nova:16.1.0
-
cpe:2.3:a:openstack:nova:16.1.1
-
cpe:2.3:a:openstack:nova:16.1.2
-
cpe:2.3:a:openstack:nova:16.1.3
-
cpe:2.3:a:openstack:nova:16.1.4
-
cpe:2.3:a:openstack:nova:16.1.5
-
cpe:2.3:a:openstack:nova:16.1.6
-
cpe:2.3:a:openstack:nova:16.1.7
-
cpe:2.3:a:openstack:nova:16.1.8
-
cpe:2.3:a:openstack:nova:17.0.0
-
cpe:2.3:a:openstack:nova:17.0.1
-
cpe:2.3:a:openstack:nova:17.0.10
-
cpe:2.3:a:openstack:nova:17.0.11
-
cpe:2.3:a:openstack:nova:17.0.12
-
cpe:2.3:a:openstack:nova:17.0.13
-
cpe:2.3:a:openstack:nova:17.0.2
-
cpe:2.3:a:openstack:nova:17.0.3
-
cpe:2.3:a:openstack:nova:17.0.4
-
cpe:2.3:a:openstack:nova:17.0.5
-
cpe:2.3:a:openstack:nova:17.0.6
-
cpe:2.3:a:openstack:nova:17.0.7
-
cpe:2.3:a:openstack:nova:17.0.8
-
cpe:2.3:a:openstack:nova:17.0.9
-
cpe:2.3:a:openstack:nova:18.0.0
-
cpe:2.3:a:openstack:nova:18.0.1
-
cpe:2.3:a:openstack:nova:18.0.2
-
cpe:2.3:a:openstack:nova:18.0.3
-
cpe:2.3:a:openstack:nova:18.1.0
-
cpe:2.3:a:openstack:nova:18.2.0
-
cpe:2.3:a:openstack:nova:18.2.1
-
cpe:2.3:a:openstack:nova:18.2.2
-
cpe:2.3:a:openstack:nova:18.2.3
-
cpe:2.3:a:openstack:nova:18.2.4
-
cpe:2.3:a:openstack:nova:19.0.0
-
cpe:2.3:a:openstack:nova:19.0.1
-
cpe:2.3:a:openstack:nova:19.0.2
-
cpe:2.3:a:openstack:nova:19.0.3
-
cpe:2.3:a:openstack:nova:19.1.0
-
cpe:2.3:a:openstack:nova:19.3.1
-
cpe:2.3:a:openstack:nova:20.0.0
-
cpe:2.3:a:openstack:nova:20.1.0
-
cpe:2.3:a:openstack:nova:20.3.1
-
cpe:2.3:a:openstack:nova:21.0.0
-
cpe:2.3:a:openstack:nova:21.2.3
-
cpe:2.3:a:openstack:nova:22.0.0
-
cpe:2.3:a:openstack:nova:22.2.3
-
cpe:2.3:a:openstack:nova:23.0.0
-
cpe:2.3:a:openstack:nova:23.0.3
-
cpe:2.3:a:openstack:nova:23.2.1
-
cpe:2.3:a:openstack:nova:23.2.2
-
cpe:2.3:a:openstack:nova:24.0.0
-
cpe:2.3:a:openstack:nova:24.1.1
-
cpe:2.3:a:openstack:nova:25.0.0
-
cpe:2.3:a:openstack:nova:25.0.1
-
cpe:2.3:o:debian:debian_linux:10.0
-
cpe:2.3:o:debian:debian_linux:11.0