Security Bulletin
This security bulletin contains one medium risk vulnerability.
EUVDB-ID: #VU71714
Risk: Medium
CVSSv3.1: 5.7 [CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:H/I:N/A:N/E:U/RL:O/RC:C]
CVE-ID: CVE-2022-47951
CWE-ID:
CWE-73 - External Control of File Name or Path
Exploit availability: No
DescriptionThe vulnerability allows a remote user to gain access to sensitive information.
The vulnerability exists due to application allows an attacker to control path of the files when processing VMDK flat images. A remote user can create a specially crafted VMDK flat image that references a specific backing file path and convince systems to return a copy of that file's contents from the server, resulting in unauthorized access to potentially sensitive data.
MitigationUpdate the affected package openstack-cinder, openstack-glance, openstack-neutron-gbp, openstack-nova, python-oslo.utils to the latest version.
Vulnerable software versionsSUSE Linux Enterprise Server 12: SP4
SUSE OpenStack Cloud Crowbar: 9
SUSE OpenStack Cloud: 9
venv-openstack-monasca-ceilometer-x86_64: before 1.8.2~dev3-3.37.1
venv-openstack-heat-x86_64: before 11.0.4~dev4-3.39.1
openstack-nova-compute: before 18.3.1~dev92-3.46.1
venv-openstack-octavia-x86_64: before 3.2.3~dev7-4.37.1
venv-openstack-manila-x86_64: before 7.4.2~dev60-3.43.1
venv-openstack-nova-x86_64: before 18.3.1~dev92-3.45.1
venv-openstack-horizon-x86_64: before 14.1.1~dev11-4.45.1
venv-openstack-designate-x86_64: before 7.0.2~dev2-3.37.1
python-neutron-gbp: before 14.0.1~dev58-3.40.1
openstack-glance: before 17.0.1~dev30-3.6.2
openstack-nova-vncproxy: before 18.3.1~dev92-3.46.1
python-cinder: before 13.0.10~dev24-3.37.2
openstack-cinder-backup: before 13.0.10~dev24-3.37.2
openstack-nova-conductor: before 18.3.1~dev92-3.46.1
openstack-cinder-scheduler: before 13.0.10~dev24-3.37.2
venv-openstack-glance-x86_64: before 17.0.1~dev30-3.35.1
venv-openstack-keystone-x86_64: before 14.2.1~dev9-3.38.1
openstack-cinder: before 13.0.10~dev24-3.37.2
openstack-nova-api: before 18.3.1~dev92-3.46.1
openstack-neutron-gbp: before 14.0.1~dev58-3.40.1
venv-openstack-cinder-x86_64: before 13.0.10~dev24-3.40.1
python-nova: before 18.3.1~dev92-3.46.1
python-oslo.utils: before 3.36.5-3.6.1
openstack-nova-console: before 18.3.1~dev92-3.46.1
openstack-nova-novncproxy: before 18.3.1~dev92-3.46.1
python-glance: before 17.0.1~dev30-3.6.2
venv-openstack-ironic-x86_64: before 11.1.5~dev18-4.35.1
openstack-cinder-api: before 13.0.10~dev24-3.37.2
openstack-glance-api: before 17.0.1~dev30-3.6.2
openstack-nova-scheduler: before 18.3.1~dev92-3.46.1
openstack-nova-cells: before 18.3.1~dev92-3.46.1
venv-openstack-magnum-x86_64: before 7.2.1~dev1-4.37.1
openstack-nova-serialproxy: before 18.3.1~dev92-3.46.1
venv-openstack-barbican-x86_64: before 7.0.1~dev24-3.39.1
openstack-cinder-volume: before 13.0.10~dev24-3.37.2
openstack-nova: before 18.3.1~dev92-3.46.1
venv-openstack-neutron-x86_64: before 13.0.8~dev209-6.45.1
venv-openstack-monasca-x86_64: before 2.7.1~dev10-3.39.1
venv-openstack-swift-x86_64: before 2.19.2~dev48-2.32.1
openstack-nova-placement-api: before 18.3.1~dev92-3.46.1
venv-openstack-sahara-x86_64: before 9.0.2~dev15-3.37.1
External linkshttp://www.suse.com/support/update/announcement/2023/suse-su-20230844-1/
Q & A
Can this vulnerability be exploited remotely?
Yes. This vulnerability can be exploited by a remote authenticated user via the Internet.
Is there known malware, which exploits this vulnerability?
No. We are not aware of malware exploiting this vulnerability.