Lucene search

K

GoogleOSV:RLSA-2023:5312

HistorySep 26, 2023 - 1:25 p.m.

Important: open-vm-tools security update

2023-09-2613:25:26

Google

osv.dev

10

open virtual machine tools

vmware tools

security update

saml token

cve-2023-20900

7.5 High

CVSS3

Attack Vector

ADJACENT

Attack Complexity

HIGH

Privileges Required

NONE

User Interaction

NONE

Scope

UNCHANGED

Confidentiality Impact

HIGH

Integrity Impact

HIGH

Availability Impact

HIGH

CVSS:3.1/AV:A/AC:H/PR:N/UI:N/S:U/C:H/I:H/A:H

7.2 High

AI Score

Confidence

Low

0.001 Low

EPSS

Percentile

44.9%

The Open Virtual Machine Tools are the open source implementation of the VMware Tools. They are a set of guest operating system virtualization components that enhance performance and user experience of virtual machines.

Security Fix(es):

open-vm-tools: SAML token signature bypass (CVE-2023-20900)

For more details about the security issue(s), including the impact, a CVSS score, acknowledgments, and other related information, refer to the CVE page(s) listed in the References section.

References

bugzilla.redhat.com/show_bug.cgi?id=2236542

errata.rockylinux.org/RLSA-2023:5312

7.5 High

CVSS3

Attack Vector

ADJACENT

Attack Complexity

HIGH

Privileges Required

NONE

User Interaction

NONE

Scope

UNCHANGED

Confidentiality Impact

HIGH

Integrity Impact

HIGH

Availability Impact

HIGH

CVSS:3.1/AV:A/AC:H/PR:N/UI:N/S:U/C:H/I:H/A:H

7.2 High

AI Score

Confidence

Low

0.001 Low

EPSS

Percentile

44.9%

Related for OSV:RLSA-2023:5312

redhat8 osv8 nessus36 openvas15 ubuntu2 rocky2 oraclelinux3 amazon1 alpinelinux1 vmware2 debiancve1 redos1 redhatcve1 debian2 prion1 rosalinux1 ubuntucve1 almalinux2 nvd1 veracode1 cvelist1 cve1 fedora3 photon3 thn1 ibm3