Skip to main content

Improper Limitation of a Pathname to a Restricted Directory ('Path Traversal')

CVE-2022-47951

Severity Medium
Score 5.7/10

Summary

An issue was discovered in OpenStack "cinder" package versions prior to 19.1.2, 20.0.x prior to 20.0.2, 21.0.0.0rc2, and 21.0.0; "glance" package versions prior to 23.0.1, 24.x prior to 24.1.1, 25.x prior to 25.1.0, and 26.0.0.0b2; and "nova" package versions prior to 24.1.2, 25.0.x prior to 25.0.2, and 26.x prior to 26.1.0. By supplying a specially created "VMDK" flat image that references a specific backing file path, an Authenticated User may convince systems to return a copy of that file's contents from the server, resulting in Unauthorized Access to Potentially Sensitive Data. NOTE: The "cinder" package versions 19.1.2, 20.0.2, "glance" package versions 23.0.1, 24.1.1, and "nova" package versions 24.1.2, 25.0.2 are not been published on GitHub nor in the Python package manager.

  • LOW
  • NETWORK
  • NONE
  • UNCHANGED
  • REQUIRED
  • LOW
  • HIGH
  • NONE

CWE-22 - Path Traversal

Path traversal (or directory traversal), is a vulnerability that allows malicious users to traverse the server's root directory, gaining access to arbitrary files and folders such as application code & data, back-end credentials, and sensitive operating system files. In the worst-case scenario, an attacker could potentially execute arbitrary files on the server, resulting in a denial of service attack. Such an exploit may severely impact the integrity, confidentiality, and availability of an application.

Advisory Timeline

  • Published