VMware Cloud Foundation (Cloud Foundation)
An information disclosure vulnerability in VMware Cloud Foundation SDDC Manager was discovered. Updates are available to remediate this vulnerability in VMware Cloud Foundation.
Description
VMware Cloud Foundation contains an information disclosure vulnerability due to logging of credentials in plaintext within multiple log files on the SDDC Manager.
Known Attack Vectors
A malicious actor with root access on VMware Cloud Foundation SDDC Manager may be able to view credentials in plaintext within one or more log files.
Resolution
To remediate CVE-2022-22939, apply the updates listed in the ‘Fixed Version’ column of the ‘Response Matrix’ below to affected deployments.
Workarounds
Workarounds for CVE-2022-22939 have been listed in the ‘Workarounds’ column of the ‘Response Matrix’ below.
Additional Documentation
None.
Notes
None.
Acknowledgements
None.
cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2022-22939
docs.vmware.com/en/VMware-Cloud-Foundation/3.11/rn/VMware-Cloud-Foundation-311-Release-Notes.html
docs.vmware.com/en/VMware-Cloud-Foundation/4.3.1/rn/VMware-Cloud-Foundation-431-Release-Notes.html
www.first.org/cvss/calculator/3.1#CVSS:3.1/AV:L/AC:L/PR:H/UI:N/S:C/C:H/I:N/A:N