Data Exposure in OpenStack Cinder, Glance, and Nova Due to VMDK File Manipulation
CVE-2022-47951
5.7MEDIUM
Summary
An issue within OpenStack's Cinder, Glance, and Nova components allows authenticated users to exploit specially crafted VMDK flat images. By referencing specific backing file paths, these users can potentially retrieve sensitive data stored on the server, leading to unauthorized access and data exposure risks.
References
CVSS V3.1
Score:
5.7
Severity:
MEDIUM
Confidentiality:
High
Integrity:
None
Availability:
High
Attack Vector:
Network
Attack Complexity:
Low
Privileges Required:
Low
User Interaction:
Required
Scope:
Unchanged
Timeline
Vulnerability published
Vulnerability Reserved