VYPR
Moderate severityNVD Advisory· Published Jan 26, 2023· Updated Mar 31, 2025

CVE-2022-47951

CVE-2022-47951

Description

An issue was discovered in OpenStack Cinder before 19.1.2, 20.x before 20.0.2, and 21.0.0; Glance before 23.0.1, 24.x before 24.1.1, and 25.0.0; and Nova before 24.1.2, 25.x before 25.0.2, and 26.0.0. By supplying a specially created VMDK flat image that references a specific backing file path, an authenticated user may convince systems to return a copy of that file's contents from the server, resulting in unauthorized access to potentially sensitive data.

AI Insight

LLM-synthesized narrative grounded in this CVE's description and references.

Affected packages

Versions sourced from the GitHub Security Advisory.

PackageAffected versionsPatched versions
cinderPyPI
< 19.1.219.1.2
cinderPyPI
>= 20.0.0, < 20.0.220.0.2
glancePyPI
< 23.0.123.0.1
glancePyPI
>= 24.0.0, < 24.1.124.1.1
novaPyPI
< 24.1.224.1.2
novaPyPI
>= 25.0.0, < 25.0.225.0.2

Affected products

90

Patches

Vulnerability mechanics

References

10

News mentions

0

No linked articles in our index yet.