Описание
An issue was discovered in OpenStack Cinder before 19.1.2, 20.x before 20.0.2, and 21.0.0; Glance before 23.0.1, 24.x before 24.1.1, and 25.0.0; and Nova before 24.1.2, 25.x before 25.0.2, and 26.0.0. By supplying a specially created VMDK flat image that references a specific backing file path, an authenticated user may convince systems to return a copy of that file's contents from the server, resulting in unauthorized access to potentially sensitive data.
| Релиз | Статус | Примечание |
|---|---|---|
| bionic | released | 2:12.0.10-0ubuntu2.2 |
| devel | released | 2:21.1.0+git2023012815.c9e65529-0ubuntu1 |
| esm-infra/bionic | released | 2:12.0.10-0ubuntu2.2 |
| esm-infra/focal | released | 2:16.4.2-0ubuntu2.1 |
| esm-infra/xenial | needed | |
| focal | released | 2:16.4.2-0ubuntu2.1 |
| jammy | released | 2:20.1.0-0ubuntu1 |
| kinetic | released | 2:21.1.0-0ubuntu1 |
| lunar | released | 2:21.1.0+git2023012815.c9e65529-0ubuntu1 |
| mantic | released | 2:21.1.0+git2023012815.c9e65529-0ubuntu1 |
Показывать по
| Релиз | Статус | Примечание |
|---|---|---|
| bionic | not-affected | code not present |
| devel | released | 2:26.0.0~b2+git2023012815.907c5626-0ubuntu1 |
| esm-infra/bionic | not-affected | code not present |
| esm-infra/focal | released | 2:20.2.0-0ubuntu1.1 |
| esm-infra/xenial | not-affected | code not present |
| focal | released | 2:20.2.0-0ubuntu1.1 |
| jammy | released | 2:24.1.0-0ubuntu1.1 |
| kinetic | released | 2:25.0.0-0ubuntu1.1 |
| lunar | released | 2:26.0.0~b2+git2023012815.907c5626-0ubuntu1 |
| mantic | released | 2:26.0.0~b2+git2023012815.907c5626-0ubuntu1 |
Показывать по
| Релиз | Статус | Примечание |
|---|---|---|
| bionic | released | 2:17.0.13-0ubuntu5.2 |
| devel | released | 3:26.1.0+git2023012815.98daf501-0ubuntu1 |
| esm-infra/bionic | released | 2:17.0.13-0ubuntu5.2 |
| esm-infra/focal | released | 2:21.2.4-0ubuntu2.1 |
| esm-infra/xenial | needed | |
| focal | released | 2:21.2.4-0ubuntu2.1 |
| jammy | released | 3:25.1.0-0ubuntu1 |
| kinetic | released | 3:26.1.0-0ubuntu1 |
| lunar | released | 3:26.1.0+git2023012815.98daf501-0ubuntu1 |
| mantic | released | 3:26.1.0+git2023012815.98daf501-0ubuntu1 |
Показывать по
Ссылки на источники
5.7 Medium
CVSS3
Связанные уязвимости
An issue was discovered in OpenStack Cinder before 19.1.2, 20.x before 20.0.2, and 21.0.0; Glance before 23.0.1, 24.x before 24.1.1, and 25.0.0; and Nova before 24.1.2, 25.x before 25.0.2, and 26.0.0. By supplying a specially created VMDK flat image that references a specific backing file path, an authenticated user may convince systems to return a copy of that file's contents from the server, resulting in unauthorized access to potentially sensitive data.
An issue was discovered in OpenStack Cinder before 19.1.2, 20.x before 20.0.2, and 21.0.0; Glance before 23.0.1, 24.x before 24.1.1, and 25.0.0; and Nova before 24.1.2, 25.x before 25.0.2, and 26.0.0. By supplying a specially created VMDK flat image that references a specific backing file path, an authenticated user may convince systems to return a copy of that file's contents from the server, resulting in unauthorized access to potentially sensitive data.
An issue was discovered in OpenStack Cinder before 19.1.2, 20.x before ...
OpenStack Cinder, glance, and Nova vulnerable to Path Traversal
Уязвимость сервиса блочного хранения данных Openstack Cinder, связанная с использованием файлов и каталогов, доступных внешним сторонам, позволяющая нарушителю раскрыть защищаемую информацию
5.7 Medium
CVSS3