glance is vulnerable to Information Disclosure. An authenticated attacker can cause systems to return a copy of the contents of a file on the server by supplying a specially crafted VMDK flat image that references that file's path as its backing file, resulting in unauthorized access to potentially sensitive data.
git://git.launchpad.net/ubuntu-cve-tracker/tree/active/CVE-2022-47951
launchpad.net/bugs/1996188
lists.debian.org/debian-lts-announce/2023/01/msg00040.html
lists.debian.org/debian-lts-announce/2023/01/msg00041.html
lists.debian.org/debian-lts-announce/2023/01/msg00042.html
security.openstack.org/ossa/OSSA-2023-002.html
www.debian.org/security/2023/dsa-5336
www.debian.org/security/2023/dsa-5337
www.debian.org/security/2023/dsa-5338
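
A defensive pre-ingest check for the flat-image pattern described above, as an added example that is not part of the advisory or of glance's own code: it parses a VMDK text descriptor and rejects any image whose subformat or extents point at a separate backing file. The allowlist, the function name and both sample descriptors are assumptions constructed for illustration.

```python
import re

# Assumption for this example: accept only self-contained VMDK subformats.
ALLOWED_CREATE_TYPES = {"streamOptimized", "monolithicSparse"}

_CREATE_TYPE = re.compile(r'^\s*createType\s*=\s*"([^"]*)"', re.M)
# Extent line layout: <access> <sectors> <type> "<file name>" [offset]
_EXTENT = re.compile(r'^\s*(RW|RDONLY|NOACCESS)\s+(\d+)\s+(\w+)\s+"([^"]*)"', re.M)


def inspect_vmdk_descriptor(text):
    """Return (accepted, reasons) for a VMDK text descriptor (hypothetical helper)."""
    reasons = []
    match = _CREATE_TYPE.search(text)
    create_type = match.group(1) if match else None
    if create_type not in ALLOWED_CREATE_TYPES:
        reasons.append(f"createType {create_type!r} is not in the allowlist")
    for _access, _sectors, kind, path in _EXTENT.findall(text):
        # A non-sparse extent names a backing file that is read by path.
        if kind.upper() != "SPARSE":
            reasons.append(f"{kind} extent references backing file {path!r}")
    return (not reasons, reasons)


# Constructed sample: flat descriptor naming a backing file (placeholder path).
FLAT_SAMPLE = "\n".join([
    "# Disk DescriptorFile",
    "version=1",
    'createType="monolithicFlat"',
    'RW 2048 FLAT "/srv/example/placeholder.img" 0',
])

# Constructed sample: self-contained sparse image descriptor.
SPARSE_SAMPLE = "\n".join([
    "# Disk DescriptorFile",
    "version=1",
    'createType="monolithicSparse"',
    'RW 2048 SPARSE "disk.vmdk"',
])

if __name__ == "__main__":
    for name, sample in (("flat", FLAT_SAMPLE), ("sparse", SPARSE_SAMPLE)):
        accepted, why = inspect_vmdk_descriptor(sample)
        print(name, "accepted" if accepted else "rejected", why)
```

Run the check on the descriptor before any conversion or inspection tool opens the image, since those tools are what follow the backing-file reference.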