Lucene search

VmwareCVE-2023-20885

HistoryJun 16, 2023 - 1:15 p.m.

CVE-2023-20885

2023-06-1613:15:09

CWE-532

vmware

web.nvd.nist.gov

cve-2023-20885

cloud foundry

notifications

smb-volume

cf-nfs-volume

vulnerability

nvd

security advisory

CVSS3

6.5

Attack Vector

NETWORK

Attack Complexity

LOW

Privileges Required

LOW

User Interaction

NONE

Scope

UNCHANGED

Confidentiality Impact

HIGH

Integrity Impact

NONE

Availability Impact

NONE

CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:H/I:N/A:N

EPSS

0.001

Percentile

34.8%

JSON

Vulnerability in Cloud Foundry Notifications, Cloud Foundry SMB-volume release, Cloud FOundry cf-nfs-volume release.This issue affects Notifications: All versions prior to 63; SMB-volume release: All versions prior to 3.1.19; cf-nfs-volume release: 5.0.X versions prior to 5.0.27, 7.1.X versions prior to 7.1.19.

Affected configurations

Nvd

Node

pivotalcloud_foundry_nfs_volumeRange5.0.0–5.0.27

pivotalcloud_foundry_nfs_volumeRange7.1.0–7.1.19

pivotalcloud_foundry_notificationsRange<63

pivotalcloud_foundry_smb_volumeRange<3.1.19

VendorProductVersionCPE
pivotalcloud_foundry_nfs_volume*cpe:2.3:a:pivotal:cloud_foundry_nfs_volume:*:*:*:*:*:*:*:*
pivotalcloud_foundry_notifications*cpe:2.3:a:pivotal:cloud_foundry_notifications:*:*:*:*:*:*:*:*
pivotalcloud_foundry_smb_volume*cpe:2.3:a:pivotal:cloud_foundry_smb_volume:*:*:*:*:*:*:*:*

Vendor	Product	Version	CPE
pivotal	cloud_foundry_nfs_volume	*	cpe:2.3:a:pivotal:cloud_foundry_nfs_volume::::::::
pivotal	cloud_foundry_notifications	*	cpe:2.3:a:pivotal:cloud_foundry_notifications::::::::
pivotal	cloud_foundry_smb_volume	*	cpe:2.3:a:pivotal:cloud_foundry_smb_volume::::::::

CNA Affected

[
  {
    "defaultStatus": "unaffected",
    "product": " Notifications",
    "vendor": "Cloud Foundry",
    "versions": [
      {
        "status": "affected",
        "version": "All versions prior to 63"
      }
    ]
  },
  {
    "defaultStatus": "unaffected",
    "product": "SMB-volume release",
    "vendor": "Cloud Foundry",
    "versions": [
      {
        "status": "affected",
        "version": "All versions prior to 3.1.19"
      }
    ]
  },
  {
    "defaultStatus": "unaffected",
    "product": "cf-nfs-volume release",
    "vendor": "Cloud FOundry",
    "versions": [
      {
        "status": "affected",
        "version": "5.0.x versions prior to 5.0.27"
      },
      {
        "status": "affected",
        "version": "7.1.x versions prior to 7.1.19"
      }
    ]
  }
]

References

www.cloudfoundry.org/blog/cve-2023-20885-cf-workflows-leak-credentials-in-system-audit-logs/

CVSS3

6.5

Attack Vector

NETWORK

Attack Complexity

LOW

Privileges Required

LOW

User Interaction

NONE

Scope

UNCHANGED

Confidentiality Impact

HIGH

Integrity Impact

NONE

Availability Impact

NONE

CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:H/I:N/A:N

EPSS

0.001

Percentile

34.8%

JSON

Related for CVE-2023-20885