Moderate severityNVD Advisory· Published Jan 26, 2023· Updated Mar 31, 2025
CVE-2022-47951
CVE-2022-47951
Description
An issue was discovered in OpenStack Cinder before 19.1.2, 20.x before 20.0.2, and 21.0.0; Glance before 23.0.1, 24.x before 24.1.1, and 25.0.0; and Nova before 24.1.2, 25.x before 25.0.2, and 26.0.0. By supplying a specially created VMDK flat image that references a specific backing file path, an authenticated user may convince systems to return a copy of that file's contents from the server, resulting in unauthorized access to potentially sensitive data.
AI Insight
LLM-synthesized narrative grounded in this CVE's description and references.
Affected packages
Versions sourced from the GitHub Security Advisory.
| Package | Affected versions | Patched versions |
|---|---|---|
cinderPyPI | < 19.1.2 | 19.1.2 |
cinderPyPI | >= 20.0.0, < 20.0.2 | 20.0.2 |
glancePyPI | < 23.0.1 | 23.0.1 |
glancePyPI | >= 24.0.0, < 24.1.1 | 24.1.1 |
novaPyPI | < 24.1.2 | 24.1.2 |
novaPyPI | >= 25.0.0, < 25.0.2 | 25.0.2 |
Affected products
90- ghsa-coords89 versionspkg:pypi/cinderpkg:pypi/glancepkg:pypi/novapkg:rpm/suse/openstack-cinder&distro=HPE%20Helion%20OpenStack%208pkg:rpm/suse/openstack-cinder&distro=SUSE%20OpenStack%20Cloud%208pkg:rpm/suse/openstack-cinder&distro=SUSE%20OpenStack%20Cloud%209pkg:rpm/suse/openstack-cinder&distro=SUSE%20OpenStack%20Cloud%20Crowbar%208pkg:rpm/suse/openstack-cinder&distro=SUSE%20OpenStack%20Cloud%20Crowbar%209pkg:rpm/suse/openstack-cinder-doc&distro=HPE%20Helion%20OpenStack%208pkg:rpm/suse/openstack-cinder-doc&distro=SUSE%20OpenStack%20Cloud%208pkg:rpm/suse/openstack-cinder-doc&distro=SUSE%20OpenStack%20Cloud%20Crowbar%208pkg:rpm/suse/openstack-glance&distro=SUSE%20OpenStack%20Cloud%209pkg:rpm/suse/openstack-glance&distro=SUSE%20OpenStack%20Cloud%20Crowbar%209pkg:rpm/suse/openstack-neutron-gbp&distro=SUSE%20OpenStack%20Cloud%209pkg:rpm/suse/openstack-neutron-gbp&distro=SUSE%20OpenStack%20Cloud%20Crowbar%209pkg:rpm/suse/openstack-nova&distro=HPE%20Helion%20OpenStack%208pkg:rpm/suse/openstack-nova&distro=SUSE%20OpenStack%20Cloud%208pkg:rpm/suse/openstack-nova&distro=SUSE%20OpenStack%20Cloud%209pkg:rpm/suse/openstack-nova&distro=SUSE%20OpenStack%20Cloud%20Crowbar%208pkg:rpm/suse/openstack-nova&distro=SUSE%20OpenStack%20Cloud%20Crowbar%209pkg:rpm/suse/openstack-nova-doc&distro=HPE%20Helion%20OpenStack%208pkg:rpm/suse/openstack-nova-doc&distro=SUSE%20OpenStack%20Cloud%208pkg:rpm/suse/openstack-nova-doc&distro=SUSE%20OpenStack%20Cloud%20Crowbar%208pkg:rpm/suse/python-oslo.utils&distro=HPE%20Helion%20OpenStack%208pkg:rpm/suse/python-oslo.utils&distro=SUSE%20OpenStack%20Cloud%208pkg:rpm/suse/python-oslo.utils&distro=SUSE%20OpenStack%20Cloud%209pkg:rpm/suse/python-oslo.utils&distro=SUSE%20OpenStack%20Cloud%20Crowbar%208pkg:rpm/suse/python-oslo.utils&distro=SUSE%20OpenStack%20Cloud%20Crowbar%209pkg:rpm/suse/venv-openstack-aodh&distro=HPE%20Helion%20OpenStack%208pkg:rpm/suse/venv-openstack-aodh&distro=SUSE%20OpenStack%20Cloud%208pkg:rpm/suse/venv-openstack-barbican&distro=HPE%20Helion%20OpenStack%208pkg:rpm/suse/venv-openstack-barbican&distro=SUSE%20OpenStack%20Cloud%208pkg:rpm/suse/venv-openstack-barbican&distro=SUSE%20OpenStack%20Cloud%209pkg:rpm/suse/venv-openstack-ceilometer&distro=HPE%20Helion%20OpenStack%208pkg:rpm/suse/venv-openstack-ceilometer&distro=SUSE%20OpenStack%20Cloud%208pkg:rpm/suse/venv-openstack-cinder&distro=HPE%20Helion%20OpenStack%208pkg:rpm/suse/venv-openstack-cinder&distro=SUSE%20OpenStack%20Cloud%208pkg:rpm/suse/venv-openstack-cinder&distro=SUSE%20OpenStack%20Cloud%209pkg:rpm/suse/venv-openstack-designate&distro=HPE%20Helion%20OpenStack%208pkg:rpm/suse/venv-openstack-designate&distro=SUSE%20OpenStack%20Cloud%208pkg:rpm/suse/venv-openstack-designate&distro=SUSE%20OpenStack%20Cloud%209pkg:rpm/suse/venv-openstack-freezer&distro=HPE%20Helion%20OpenStack%208pkg:rpm/suse/venv-openstack-freezer&distro=SUSE%20OpenStack%20Cloud%208pkg:rpm/suse/venv-openstack-glance&distro=HPE%20Helion%20OpenStack%208pkg:rpm/suse/venv-openstack-glance&distro=SUSE%20OpenStack%20Cloud%208pkg:rpm/suse/venv-openstack-glance&distro=SUSE%20OpenStack%20Cloud%209pkg:rpm/suse/venv-openstack-heat&distro=HPE%20Helion%20OpenStack%208pkg:rpm/suse/venv-openstack-heat&distro=SUSE%20OpenStack%20Cloud%208pkg:rpm/suse/venv-openstack-heat&distro=SUSE%20OpenStack%20Cloud%209pkg:rpm/suse/venv-openstack-horizon&distro=SUSE%20OpenStack%20Cloud%208pkg:rpm/suse/venv-openstack-horizon&distro=SUSE%20OpenStack%20Cloud%209pkg:rpm/suse/venv-openstack-horizon-hpe&distro=HPE%20Helion%20OpenStack%208pkg:rpm/suse/venv-openstack-ironic&distro=HPE%20Helion%20OpenStack%208pkg:rpm/suse/venv-openstack-ironic&distro=SUSE%20OpenStack%20Cloud%208pkg:rpm/suse/venv-openstack-ironic&distro=SUSE%20OpenStack%20Cloud%209pkg:rpm/suse/venv-openstack-keystone&distro=HPE%20Helion%20OpenStack%208pkg:rpm/suse/venv-openstack-keystone&distro=SUSE%20OpenStack%20Cloud%208pkg:rpm/suse/venv-openstack-keystone&distro=SUSE%20OpenStack%20Cloud%209pkg:rpm/suse/venv-openstack-magnum&distro=HPE%20Helion%20OpenStack%208pkg:rpm/suse/venv-openstack-magnum&distro=SUSE%20OpenStack%20Cloud%208pkg:rpm/suse/venv-openstack-magnum&distro=SUSE%20OpenStack%20Cloud%209pkg:rpm/suse/venv-openstack-manila&distro=HPE%20Helion%20OpenStack%208pkg:rpm/suse/venv-openstack-manila&distro=SUSE%20OpenStack%20Cloud%208pkg:rpm/suse/venv-openstack-manila&distro=SUSE%20OpenStack%20Cloud%209pkg:rpm/suse/venv-openstack-monasca-ceilometer&distro=HPE%20Helion%20OpenStack%208pkg:rpm/suse/venv-openstack-monasca-ceilometer&distro=SUSE%20OpenStack%20Cloud%208pkg:rpm/suse/venv-openstack-monasca-ceilometer&distro=SUSE%20OpenStack%20Cloud%209pkg:rpm/suse/venv-openstack-monasca&distro=HPE%20Helion%20OpenStack%208pkg:rpm/suse/venv-openstack-monasca&distro=SUSE%20OpenStack%20Cloud%208pkg:rpm/suse/venv-openstack-monasca&distro=SUSE%20OpenStack%20Cloud%209pkg:rpm/suse/venv-openstack-murano&distro=HPE%20Helion%20OpenStack%208pkg:rpm/suse/venv-openstack-murano&distro=SUSE%20OpenStack%20Cloud%208pkg:rpm/suse/venv-openstack-neutron&distro=HPE%20Helion%20OpenStack%208pkg:rpm/suse/venv-openstack-neutron&distro=SUSE%20OpenStack%20Cloud%208pkg:rpm/suse/venv-openstack-neutron&distro=SUSE%20OpenStack%20Cloud%209pkg:rpm/suse/venv-openstack-nova&distro=HPE%20Helion%20OpenStack%208pkg:rpm/suse/venv-openstack-nova&distro=SUSE%20OpenStack%20Cloud%208pkg:rpm/suse/venv-openstack-nova&distro=SUSE%20OpenStack%20Cloud%209pkg:rpm/suse/venv-openstack-octavia&distro=HPE%20Helion%20OpenStack%208pkg:rpm/suse/venv-openstack-octavia&distro=SUSE%20OpenStack%20Cloud%208pkg:rpm/suse/venv-openstack-octavia&distro=SUSE%20OpenStack%20Cloud%209pkg:rpm/suse/venv-openstack-sahara&distro=HPE%20Helion%20OpenStack%208pkg:rpm/suse/venv-openstack-sahara&distro=SUSE%20OpenStack%20Cloud%208pkg:rpm/suse/venv-openstack-sahara&distro=SUSE%20OpenStack%20Cloud%209pkg:rpm/suse/venv-openstack-swift&distro=HPE%20Helion%20OpenStack%208pkg:rpm/suse/venv-openstack-swift&distro=SUSE%20OpenStack%20Cloud%208pkg:rpm/suse/venv-openstack-swift&distro=SUSE%20OpenStack%20Cloud%209pkg:rpm/suse/venv-openstack-trove&distro=HPE%20Helion%20OpenStack%208pkg:rpm/suse/venv-openstack-trove&distro=SUSE%20OpenStack%20Cloud%208
< 19.1.2+ 88 more
- (no CPE)range: < 19.1.2
- (no CPE)range: < 23.0.1
- (no CPE)range: < 24.1.2
- (no CPE)range: < 11.2.3~dev29-3.31.2
- (no CPE)range: < 11.2.3~dev29-3.31.2
- (no CPE)range: < 13.0.10~dev24-3.37.2
- (no CPE)range: < 11.2.3~dev29-3.31.2
- (no CPE)range: < 13.0.10~dev24-3.37.2
- (no CPE)range: < 11.2.3~dev29-3.31.1
- (no CPE)range: < 11.2.3~dev29-3.31.1
- (no CPE)range: < 11.2.3~dev29-3.31.1
- (no CPE)range: < 17.0.1~dev30-3.6.2
- (no CPE)range: < 17.0.1~dev30-3.6.2
- (no CPE)range: < 14.0.1~dev58-3.40.1
- (no CPE)range: < 14.0.1~dev58-3.40.1
- (no CPE)range: < 16.1.9~dev92-3.51.2
- (no CPE)range: < 16.1.9~dev92-3.51.2
- (no CPE)range: < 18.3.1~dev92-3.46.1
- (no CPE)range: < 16.1.9~dev92-3.51.2
- (no CPE)range: < 18.3.1~dev92-3.46.1
- (no CPE)range: < 16.1.9~dev92-3.51.1
- (no CPE)range: < 16.1.9~dev92-3.51.1
- (no CPE)range: < 16.1.9~dev92-3.51.1
- (no CPE)range: < 3.28.4-3.9.1
- (no CPE)range: < 3.28.4-3.9.1
- (no CPE)range: < 3.36.5-3.6.1
- (no CPE)range: < 3.28.4-3.9.1
- (no CPE)range: < 3.36.5-3.6.1
- (no CPE)range: < 5.1.1~dev7-12.42.1
- (no CPE)range: < 5.1.1~dev7-12.42.1
- (no CPE)range: < 5.0.2~dev3-12.45.1
- (no CPE)range: < 5.0.2~dev3-12.45.1
- (no CPE)range: < 7.0.1~dev24-3.39.1
- (no CPE)range: < 9.0.8~dev7-12.40.1
- (no CPE)range: < 9.0.8~dev7-12.40.1
- (no CPE)range: < 11.2.3~dev29-14.44.1
- (no CPE)range: < 11.2.3~dev29-14.44.1
- (no CPE)range: < 13.0.10~dev24-3.40.1
- (no CPE)range: < 5.0.3~dev7-12.41.1
- (no CPE)range: < 5.0.3~dev7-12.41.1
- (no CPE)range: < 7.0.2~dev2-3.37.1
- (no CPE)range: < 5.0.0.0~xrc2~dev2-10.38.1
- (no CPE)range: < 5.0.0.0~xrc2~dev2-10.38.1
- (no CPE)range: < 15.0.3~dev3-12.41.1
- (no CPE)range: < 15.0.3~dev3-12.41.1
- (no CPE)range: < 17.0.1~dev30-3.35.1
- (no CPE)range: < 9.0.8~dev22-12.47.1
- (no CPE)range: < 9.0.8~dev22-12.47.1
- (no CPE)range: < 11.0.4~dev4-3.39.1
- (no CPE)range: < 12.0.5~dev6-14.50.2
- (no CPE)range: < 14.1.1~dev11-4.45.1
- (no CPE)range: < 12.0.5~dev6-14.50.1
- (no CPE)range: < 9.1.8~dev8-12.43.1
- (no CPE)range: < 9.1.8~dev8-12.43.1
- (no CPE)range: < 11.1.5~dev18-4.35.1
- (no CPE)range: < 12.0.4~dev11-11.47.1
- (no CPE)range: < 12.0.4~dev11-11.47.1
- (no CPE)range: < 14.2.1~dev9-3.38.1
- (no CPE)range: < 5.0.2_5.0.2_5.0.2~dev31-11.42.1
- (no CPE)range: < 5.0.2_5.0.2_5.0.2~dev31-11.42.1
- (no CPE)range: < 7.2.1~dev1-4.37.1
- (no CPE)range: < 5.1.1~dev5-12.47.1
- (no CPE)range: < 5.1.1~dev5-12.47.1
- (no CPE)range: < 7.4.2~dev60-3.43.1
- (no CPE)range: < 1.5.1_1.5.1_1.5.1~dev3-8.38.1
- (no CPE)range: < 1.5.1_1.5.1_1.5.1~dev3-8.38.1
- (no CPE)range: < 1.8.2~dev3-3.37.1
- (no CPE)range: < 2.2.2~dev1-11.47.1
- (no CPE)range: < 2.2.2~dev1-11.47.1
- (no CPE)range: < 2.7.1~dev10-3.39.1
- (no CPE)range: < 4.0.2~dev3-12.40.1
- (no CPE)range: < 4.0.2~dev3-12.40.1
- (no CPE)range: < 11.0.9~dev69-13.48.1
- (no CPE)range: < 11.0.9~dev69-13.48.1
- (no CPE)range: < 13.0.8~dev209-6.45.1
- (no CPE)range: < 16.1.9~dev92-11.46.1
- (no CPE)range: < 16.1.9~dev92-11.46.1
- (no CPE)range: < 18.3.1~dev92-3.45.1
- (no CPE)range: < 1.0.6~dev3-12.43.1
- (no CPE)range: < 1.0.6~dev3-12.43.1
- (no CPE)range: < 3.2.3~dev7-4.37.1
- (no CPE)range: < 7.0.5~dev4-11.42.1
- (no CPE)range: < 7.0.5~dev4-11.42.1
- (no CPE)range: < 9.0.2~dev15-3.37.1
- (no CPE)range: < 2.15.2_2.15.2_2.15.2~dev32-11.33.1
- (no CPE)range: < 2.15.2_2.15.2_2.15.2~dev32-11.33.1
- (no CPE)range: < 2.19.2~dev48-2.32.1
- (no CPE)range: < 8.0.2~dev2-11.42.1
- (no CPE)range: < 8.0.2~dev2-11.42.1
Patches
Vulnerability mechanics
References
10- github.com/advisories/GHSA-7h75-hwxx-qpgcghsaADVISORY
- nvd.nist.gov/vuln/detail/CVE-2022-47951ghsaADVISORY
- www.debian.org/security/2023/dsa-5336ghsavendor-advisoryWEB
- www.debian.org/security/2023/dsa-5337ghsavendor-advisoryWEB
- www.debian.org/security/2023/dsa-5338ghsavendor-advisoryWEB
- launchpad.net/bugs/1996188ghsaWEB
- lists.debian.org/debian-lts-announce/2023/01/msg00040.htmlghsamailing-listWEB
- lists.debian.org/debian-lts-announce/2023/01/msg00041.htmlghsamailing-listWEB
- lists.debian.org/debian-lts-announce/2023/01/msg00042.htmlghsamailing-listWEB
- security.openstack.org/ossa/OSSA-2023-002.htmlghsaWEB
News mentions
0No linked articles in our index yet.