CVE-2022-47951

openstack: Arbitrary file access through custom VMDK flat descriptor

  • Severity Score (CVSS v3.1): 5.7
  • Exploit Likelihood (EPSS):
  • Affected Versions (CPE):
  • Public Exploits (Multiple Sources): 1
  • Exploited in Wild (KEV): -
  • Decision (SSVC): -

Descriptions

An issue was discovered in OpenStack Cinder before 19.1.2, 20.x before 20.0.2, and 21.0.0; Glance before 23.0.1, 24.x before 24.1.1, and 25.0.0; and Nova before 24.1.2, 25.x before 25.0.2, and 26.0.0. By supplying a specially created VMDK flat image that references a specific backing file path, an authenticated user may convince systems to return a copy of that file's contents from the server, resulting in unauthorized access to potentially sensitive data.

A flaw was found in OpenStack-nova, Openstack-glance, and Openstack-cinder. By supplying a specially created VMDK flat image that references a specific backing file path, an authenticated user may convince systems to return a copy of that file's contents from the server, resulting in unauthorized access to potentially sensitive data.

*Credits: N/A
CVSS Scores
  • Attack Vector: Network
  • Attack Complexity: Low
  • Privileges Required: Low
  • User Interaction: Required
  • Scope: Unchanged
  • Confidentiality: High
  • Integrity: None
  • Availability: None

  • Attack Vector: Network
  • Attack Complexity: High
  • Privileges Required: Low
  • User Interaction: None
  • Scope: Changed
  • Confidentiality: High
  • Integrity: Low
  • Availability: Low
* Common Vulnerability Scoring System
SSVC
  • Decision: -
  • Exploitation: -
  • Automatable: -
  • Tech. Impact: -
* Organization's Worst-case Scenario
Timeline
  • 2022-12-24 CVE Reserved
  • 2023-01-26 CVE Published
  • 2024-05-15 EPSS Updated
  • 2024-08-03 CVE Updated
  • 2024-08-03 First Exploit
  • ---------- Exploited in Wild
  • ---------- KEV Due Date
CWE
  • CWE-22: Improper Limitation of a Pathname to a Restricted Directory ('Path Traversal')
  • CWE-552: Files or Directories Accessible to External Parties
CAPEC
Affected Vendors, Products, and Versions
Vendor     Product       Version              Other  Status
Openstack  Cinder        <= 19.1.2            -      Affected
Openstack  Cinder        >= 20.0.0 < 20.0.2   -      Affected
Openstack  Glance        < 23.0.1             -      Affected
Openstack  Glance        >= 24.0.0 < 24.1.1   -      Affected
Openstack  Nova          < 24.1.2             -      Affected
Openstack  Nova          >= 25.0.0 < 25.0.2   -      Affected
Debian     Debian Linux  10.0                 -      Affected
Debian     Debian Linux  11.0                 -      Affected