VMware: VMSA-2022-0003
Jan 31, 2022 - 12:00 a.m.

VMware Cloud Foundation contains an information disclosure vulnerability due to the logging of plaintext credentials within some log files.

2022-01-31 00:00:00
www.vmware.com
vmware cloud foundation
sddc manager
information disclosure

EPSS: 0.001 (Percentile: 26.8%)

1. Impacted Products

VMware Cloud Foundation (Cloud Foundation)

2. Introduction

An information disclosure vulnerability in VMware Cloud Foundation SDDC Manager was discovered. Updates are available to remediate this vulnerability in VMware Cloud Foundation.

3. Information disclosure vulnerability in VMware Cloud Foundation SDDC Manager (CVE-2022-22939)

Description

VMware Cloud Foundation contains an information disclosure vulnerability due to logging of credentials in plaintext within multiple log files on the SDDC Manager.

Known Attack Vectors

A malicious actor with root access on VMware Cloud Foundation SDDC Manager may be able to view credentials in plaintext within one or more log files.

Resolution

To remediate CVE-2022-22939, apply the updates listed in the ‘Fixed Version’ column of the ‘Response Matrix’ below to affected deployments.

Workarounds

Workarounds for CVE-2022-22939 have been listed in the ‘Workarounds’ column of the ‘Response Matrix’ below.

Additional Documentation

None.

Notes

None.

Acknowledgements

None.
