#VU71714 External Control of File Name or Path in Cinder


Published: 2023-01-31 | Updated: 2023-02-28

Vulnerability identifier: #VU71714

Vulnerability risk: Medium

CVSSv3.1: 5.7 [CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:H/I:N/A:N/E:U/RL:O/RC:C]

CVE-ID: CVE-2022-47951

CWE-ID: CWE-73

Exploitation vector: Network

Exploit availability: No

Vulnerable software:
Cinder
Server applications / Other server solutions

Vendor: Openstack

Description

The vulnerability allows a remote user to gain access to sensitive information.

The vulnerability exists due to application allows an attacker to control path of the files when processing VMDK flat images. A remote user can create a specially crafted VMDK flat image that references a specific backing file path and convince systems to return a copy of that file's contents from the server, resulting in unauthorized access to potentially sensitive data.

Mitigation
Install update from vendor's website.

Vulnerable software versions

Cinder: 21.0.0, 20.1.0, 20.0.0 - 20.0.1, 19.2.0, 19.1.0 - 19.1.1, 19.0.0

External links
http://security.openstack.org/ossa/OSSA-2023-002.html

Q & A

Can this vulnerability be exploited remotely?

Yes. This vulnerability can be exploited by a remote authenticated user via the Internet.

Is there known malware, which exploits this vulnerability?

No. We are not aware of malware exploiting this vulnerability.


Latest bulletins with this vulnerability


SUSE update for openstack-cinder, openstack-nova, python-oslo.utils
SUSE update for openstack-cinder, openstack-glance, openstack-neutron-gbp, openstack-nova, python-oslo.utils
Red Hat OpenStack Platform update for openstack-nova
Red Hat OpenStack Platform update for openstack-cinder
Red Hat OpenStack Platform update for openstack-glance
Information disclosure in Red Hat OpenStack Platform
Ubuntu update for cinder
Ubuntu update for nova
Debian update for glance
Debian update for nova