Data Exposure in OpenStack Cinder, Glance, and Nova Due to VMDK File Manipulation
CVE-2022-47951

5.7 MEDIUM

Key Information:

Vendor: OpenStack
CVE Published: 26 January 2023

Summary

An issue in OpenStack's Cinder, Glance, and Nova components allows authenticated users to supply specially crafted VMDK flat images. By referencing specific backing file paths in such an image, these users can potentially retrieve sensitive data stored on the server, resulting in unauthorized access and data exposure.

CVSS V3.1

Score: 5.7
Severity: MEDIUM
Confidentiality: High
Integrity: None
Availability: High
Attack Vector: Network
Attack Complexity: Low
Privileges Required: Low
User Interaction: Required
Scope: Unchanged

Timeline

  • Vulnerability published

  • Vulnerability Reserved
