Lucene search

K

GoogleOSV:RLSA-2023:5312

HistorySep 26, 2023 - 1:25 p.m.

Important: open-vm-tools security update

2023-09-2613:25:26

Google

osv.dev

11

open virtual machine tools

vmware tools

security update

saml token

cve-2023-20900

7.5 High

CVSS3

Attack Vector

ADJACENT

Attack Complexity

HIGH

Privileges Required

NONE

User Interaction

NONE

Scope

UNCHANGED

Confidentiality Impact

HIGH

Integrity Impact

HIGH

Availability Impact

HIGH

CVSS:3.1/AV:A/AC:H/PR:N/UI:N/S:U/C:H/I:H/A:H

7.2 High

AI Score

Confidence

Low

0.001 Low

EPSS

Percentile

45.0%

The Open Virtual Machine Tools are the open source implementation of the VMware Tools. They are a set of guest operating system virtualization components that enhance performance and user experience of virtual machines.

Security Fix(es):

open-vm-tools: SAML token signature bypass (CVE-2023-20900)

For more details about the security issue(s), including the impact, a CVSS score, acknowledgments, and other related information, refer to the CVE page(s) listed in the References section.

References

bugzilla.redhat.com/show_bug.cgi?id=2236542

errata.rockylinux.org/RLSA-2023:5312

7.5 High

CVSS3

Attack Vector

ADJACENT

Attack Complexity

HIGH

Privileges Required

NONE

User Interaction

NONE

Scope

UNCHANGED

Confidentiality Impact

HIGH

Integrity Impact

HIGH

Availability Impact

HIGH

CVSS:3.1/AV:A/AC:H/PR:N/UI:N/S:U/C:H/I:H/A:H

7.2 High

AI Score

Confidence

Low

0.001 Low

EPSS

Percentile

45.0%

Related for OSV:RLSA-2023:5312

debiancve1 nessus36 redhat8 osv8 openvas15 alpinelinux1 vmware2 amazon1 oraclelinux3 redos1 debian2 redhatcve1 rocky2 cve1 rosalinux1 cvelist1 nvd1 ubuntucve1 ubuntu2 almalinux2 veracode1 prion1 photon3 fedora3 thn1 ibm3