CVE-2022-47951

Status Candidate

Overview

An issue was discovered in OpenStack Cinder before 19.1.2, 20.x before 20.0.2, and 21.0.0; Glance before 23.0.1, 24.x before 24.1.1, and 25.0.0; and Nova before 24.1.2, 25.x before 25.0.2, and 26.0.0. By supplying a specially created VMDK flat image that references a specific backing file path, an authenticated user may convince systems to return a copy of that file's contents from the server, resulting in unauthorized access to potentially sensitive data.

Related Files

Red Hat Security Advisory 2023-1278-01
Posted Mar 16, 2023
Authored by Red Hat | Site access.redhat.com

Red Hat Security Advisory 2023-1278-01 - An update for openstack-nova is now available for Red Hat OpenStack Platform. Red Hat Product Security has rated this update as having a security impact of Important.

tags | advisory
systems | linux, redhat
advisories | CVE-2022-47951
SHA-256 | 84ce34082ecf15b501d3f5dd5b16dc64a671e600f50f733f68297abfc0d89c00

Red Hat Security Advisory 2023-1280-01
Posted Mar 16, 2023
Authored by Red Hat | Site access.redhat.com

Red Hat Security Advisory 2023-1280-01 - OpenStack Image Service provides discovery, registration, and delivery services for virtual disk images. The Image Service API server provides a standard REST interface for querying information about virtual disk images stored in a variety of back-end stores, including OpenStack Object Storage. Clients can register new virtual disk images with the Image Service, query for information on publicly available disk images, and use the Image Service's client library for streaming virtual disk images.

tags | advisory
systems | linux, redhat
advisories | CVE-2022-47951
SHA-256 | 89e295e70434f59184fd0ddbd0e9497e8e195386dd84f491494e3d2d339783d6

Red Hat Security Advisory 2023-1279-01
Posted Mar 16, 2023
Authored by Red Hat | Site access.redhat.com

Red Hat Security Advisory 2023-1279-01 - Cinder is the replacement of nova-volume in Folsom and beyond, used for block storage.

tags | advisory
systems | linux, redhat
advisories | CVE-2022-47951
SHA-256 | 1db5fa931e1b684f03db27c5a19241aad360cc9acaf7c54b3d3d28af04b2cc4d

Red Hat Security Advisory 2023-1017-01
Posted Mar 1, 2023
Authored by Red Hat | Site access.redhat.com

Red Hat Security Advisory 2023-1017-01 - OpenStack Image Service provides discovery, registration, and delivery services for virtual disk images. The Image Service API server provides a standard REST interface for querying information about virtual disk images stored in a variety of back-end stores, including OpenStack Object Storage. Clients can register new virtual disk images with the Image Service, query for information on publicly available disk images, and use the Image Service's client library for streaming virtual disk images.

tags | advisory
systems | linux, redhat
advisories | CVE-2022-47951
SHA-256 | 80ab0faeedfbdf327d8426f0871c22b67707bc75bf6dd21d8bbbced6ad1b1c92

Red Hat Security Advisory 2023-1016-01
Posted Mar 1, 2023
Authored by Red Hat | Site access.redhat.com

Red Hat Security Advisory 2023-1016-01 - Cinder is the replacement of nova-volume in Folsom and beyond, used for block storage.

tags | advisory
systems | linux, redhat
advisories | CVE-2022-47951
SHA-256 | bd3dd8c54d58013ab73540538eb2f9d5ac4338d7f6081ac715b81cd621b545dc

Red Hat Security Advisory 2023-1015-01
Posted Mar 1, 2023
Authored by Red Hat | Site access.redhat.com

Red Hat Security Advisory 2023-1015-01 - OpenStack Compute is open source software designed to provision and manage large networks of virtual machines, creating a redundant and scalable cloud computing platform. It gives you the software, control panels, and APIs required to orchestrate a cloud, including running instances, managing networks, and controlling access through users and projects. OpenStack Compute strives to be both hardware and hypervisor agnostic, currently supporting a variety of standard hardware configurations and seven major hypervisors.

tags | advisory
systems | linux, redhat
advisories | CVE-2022-47951
SHA-256 | 93c5f30cf15b3fc63477f6581b0e8f07cb77caaec261a9c23601b89802364699

Ubuntu Security Notice USN-5835-5
Posted Feb 9, 2023
Authored by Ubuntu | Site security.ubuntu.com

Ubuntu Security Notice 5835-5 - USN-5835-3 fixed vulnerabilities in Nova. This update provides the corresponding updates for Ubuntu 18.04 LTS. Guillaume Espanel, Pierre Libeau, Arnaud Morin, and Damien Rannou discovered that Nova incorrectly handled VMDK image processing. An authenticated attacker could possibly supply a specially crafted VMDK flat image and obtain arbitrary files from the server containing sensitive information.

tags | advisory, arbitrary, vulnerability
systems | linux, ubuntu
advisories | CVE-2022-47951
SHA-256 | 849be3ecfe24a5c1a9e3f943a68b92a32c8177e09081ae6b746734cd27ea46d0

Ubuntu Security Notice USN-5835-4
Posted Feb 9, 2023
Authored by Ubuntu | Site security.ubuntu.com

Ubuntu Security Notice 5835-4 - USN-5835-1 fixed vulnerabilities in Cinder. This update provides the corresponding updates for Ubuntu 18.04 LTS. In addition, a regression was fixed for Ubuntu 20.04 LTS. Guillaume Espanel, Pierre Libeau, Arnaud Morin, and Damien Rannou discovered that Cinder incorrectly handled VMDK image processing. An authenticated attacker could possibly supply a specially crafted VMDK flat image and obtain arbitrary files from the server containing sensitive information.

tags | advisory, arbitrary, vulnerability
systems | linux, ubuntu
advisories | CVE-2022-47951
SHA-256 | a7ff1600a9855ca7ba2c77382f0e93281df3f651f00851821d1955e102ffd77f

Debian Security Advisory 5338-1
Posted Feb 2, 2023
Authored by Debian | Site debian.org

Debian Linux Security Advisory 5338-1 - Guillaume Espanel, Pierre Libeau, Arnaud Morin and Damien Rannou discovered that missing input sanitising in the handling of VMDK images in Cinder, the OpenStack block storage system, may result in information disclosure.

tags | advisory, info disclosure
systems | linux, debian
advisories | CVE-2022-47951
SHA-256 | c604abec12f33da162e6c4871d2162415ea1379e4e8220b00729b55a718ac756

Debian Security Advisory 5337-1
Posted Feb 2, 2023
Authored by Debian | Site debian.org

Debian Linux Security Advisory 5337-1 - Guillaume Espanel, Pierre Libeau, Arnaud Morin and Damien Rannou discovered that missing input sanitising in the handling of VMDK images in OpenStack Compute (codenamed Nova) may result in information disclosure.

tags | advisory, info disclosure
systems | linux, debian
advisories | CVE-2022-47951
SHA-256 | 41d1c5abc2a1a62c08ba3eb73066cbcbc458374ae26b3e2144ac64570b6837b0

Debian Security Advisory 5336-1
Posted Feb 2, 2023
Authored by Debian | Site debian.org

Debian Linux Security Advisory 5336-1 - Guillaume Espanel, Pierre Libeau, Arnaud Morin and Damien Rannou discovered that missing input sanitizing in the handling of VMDK images in Glance, the OpenStack image registry and delivery service, may result in information disclosure.

tags | advisory, registry, info disclosure
systems | linux, debian
advisories | CVE-2022-47951
SHA-256 | bc6ab4a0b7055df6421e280d8c79365890cc6208df474d9e8eea9c6511672a72

Ubuntu Security Notice USN-5835-3
Posted Jan 31, 2023
Authored by Ubuntu | Site security.ubuntu.com

Ubuntu Security Notice 5835-3 - Guillaume Espanel, Pierre Libeau, Arnaud Morin, and Damien Rannou discovered that Nova incorrectly handled VMDK image processing. An authenticated attacker could possibly supply a specially crafted VMDK flat image and obtain arbitrary files from the server containing sensitive information.

tags | advisory, arbitrary
systems | linux, ubuntu
advisories | CVE-2022-47951
SHA-256 | 4f0a5499385b4c636708b12bdb6f9102c53b1da14fe9a66a60cebc7215b1cfbe

Ubuntu Security Notice USN-5835-2
Posted Jan 31, 2023
Authored by Ubuntu | Site security.ubuntu.com

Ubuntu Security Notice 5835-2 - Guillaume Espanel, Pierre Libeau, Arnaud Morin, and Damien Rannou discovered that OpenStack Glance incorrectly handled VMDK image processing. An authenticated attacker could possibly supply a specially crafted VMDK flat image and obtain arbitrary files from the server containing sensitive information.

tags | advisory, arbitrary
systems | linux, ubuntu
advisories | CVE-2022-47951
SHA-256 | 3fb505612e419d1d2c3f5347e187d7b947f82bc4c448a5a408057987d90c1572

Ubuntu Security Notice USN-5835-1
Posted Jan 31, 2023
Authored by Ubuntu | Site security.ubuntu.com

Ubuntu Security Notice 5835-1 - Guillaume Espanel, Pierre Libeau, Arnaud Morin, and Damien Rannou discovered that Cinder incorrectly handled VMDK image processing. An authenticated attacker could possibly supply a specially crafted VMDK flat image and obtain arbitrary files from the server containing sensitive information.

tags | advisory, arbitrary
systems | linux, ubuntu
advisories | CVE-2022-47951
SHA-256 | c3b02490c9fb9598caf6f78dca5d1608afdcf55d22ee7f8ae3e403ca232a9dcc