CVE-2023-20900

See a problem?
Please try reporting it to the source first.
Source
https://cve.org/CVERecord?id=CVE-2023-20900
Import Source
https://storage.googleapis.com/cve-osv-conversion/osv-output/CVE-2023-20900.json
JSON Data
https://api.osv.dev/v1/vulns/CVE-2023-20900
Downstream
Related
Published
2023-08-31T10:15:08.247Z
Modified
2026-04-02T08:43:31.531230Z
Severity
  • 7.5 (High) CVSS_V3 - CVSS:3.1/AV:A/AC:H/PR:N/UI:N/S:U/C:H/I:H/A:H CVSS Calculator
Summary
[none]
Details

A malicious actor that has been granted Guest Operation Privileges https://docs.vmware.com/en/VMware-vSphere/8.0/vsphere-security/GUID-6A952214-0E5E-4CCF-9D2A-90948FF643EC.html  in a target virtual machine may be able to elevate their privileges if that target virtual machine has been assigned a more privileged Guest Alias https://vdc-download.vmware.com/vmwb-repository/dcr-public/d1902b0e-d479-46bf-8ac9-cee0e31e8ec0/07ce8dbd-db48-4261-9b8f-c6d3ad8ba472/vim.vm.guest.AliasManager.html .

References

Affected packages

Git / github.com/vmware/open-vm-tools

Affected ranges

Type
GIT
Repo
https://github.com/vmware/open-vm-tools
Events
Introduced
2147df6aabe639fc5ff423ed791a8e7f02bf8d0a
Fixed
865e76adf86fb38380220a3b760aa92ba5407c60
Introduced
2147df6aabe639fc5ff423ed791a8e7f02bf8d0a
Fixed
865e76adf86fb38380220a3b760aa92ba5407c60
Introduced
0 Unknown introduced commit / All previous commits are affected
Last affected
801d4b7f4978945aa0fd53259011e2da6345cc43
Introduced
0 Unknown introduced commit / All previous commits are affected
Last affected
b7ab96e6e38f6559cb882278a53d7a7ea5c0592c
Database specific 
{
    "versions": [
        {
            "introduced": "10.3.0"
        },
        {
            "fixed": "12.3.0"
        },
        {
            "introduced": "10.3.0"
        },
        {
            "fixed": "12.3.0"
        },
        {
            "introduced": "0"
        },
        {
            "last_affected": "11.0"
        },
        {
            "introduced": "0"
        },
        {
            "last_affected": "12.0"
        }
    ]
}

Affected versions

10.*
10.1.15
10.2.5
2008.*
2008.02.13-77928
2008.04.04-87182
2008.05.02-90473
2008.05.15-93084
2008.05.15-93241
2008.06.03-96374
2008.06.20-100027
2008.07.01-102166
2008.08.08-109361
2008.09.03-114782
2008.10.10-123053
2008.11.18-130226
2008.12.23-137496
2009.*
2009.01.21-142982
2009.02.18-148847
2009.03.18-154848
2009.04.23-162451
2009.05.22-167859
2009.06.18-172495
2009.07.22-179896
2009.08.24-187411
2009.09.18-193784
2009.10.15-201664
2009.11.16-210370
2009.12.16-217847
2010.*
2010.01.19-226760
2010.02.23-236320
2010.03.20-243334
2010.04.25-253928
2010.06.16-268169
2010.07.25-280253
2010.08.24-292196
2010.09.19-301124
2010.10.18-313025
2010.11.17-327185
2010.12.19-339835
2011.*
2011.01.24-354108
2011.02.23-368700
2011.03.28-387002
2011.04.25-402641
2011.05.27-420096
2011.06.27-437995
2011.07.19-450511
2011.08.21-471295
2011.09.23-491607
2011.10.26-514583
2011.11.20-535097
2011.12.20-562307
2012.*
2012.03.13-651368
2012.05.21-724730
2012.10.14-874563
2012.12.26-958366
2013.*
2013.04.16-1098359
2013.09.16-1328054
open-vm-tools-10.*
open-vm-tools-10.0.0-3000743
Other
p4-sync-929606
stable-10.*
stable-10.0.5
stable-10.0.7
stable-10.1.0
stable-10.1.10
stable-10.1.15
stable-10.1.5
stable-10.2.0
stable-10.2.5
stable-10.3.0
stable-10.3.10
stable-10.3.5
stable-11.*
stable-11.0.0
stable-11.1.0
stable-11.1.5
stable-11.2.0
stable-11.2.5
stable-11.3.0
stable-11.3.5
stable-12.*
stable-12.0.0
stable-12.1.0
stable-12.1.5
stable-12.2.0
stable-12.2.5
stable-12.4.0
stable-12.4.5
stable-12.5.0
stable-12.5.2
stable-12.5.4
stable-13.*
stable-13.0.0
stable-13.0.10
stable-13.0.5
stable-8.*
stable-8.4.2-261024
stable-8.6.0
stable-8.6.5
stable-8.8.0
stable-8.8.1
stable-8.8.2
stable-9.*
stable-9.0.0
stable-9.10.0
stable-9.10.2
stable-9.10.3
stable-9.2.0
stable-9.2.2
stable-9.2.3
stable-9.4.0
stable-9.4.6

Database specific

unresolved_ranges 
[
    {
        "events": [
            {
                "introduced": "10.3.0"
            },
            {
                "fixed": "10.3.26"
            }
        ]
    },
    {
        "events": [
            {
                "introduced": "0"
            },
            {
                "last_affected": "37"
            }
        ]
    },
    {
        "events": [
            {
                "introduced": "0"
            },
            {
                "last_affected": "38"
            }
        ]
    },
    {
        "events": [
            {
                "introduced": "0"
            },
            {
                "last_affected": "39"
            }
        ]
    },
    {
        "events": [
            {
                "introduced": "0"
            },
            {
                "last_affected": "10.0"
            }
        ]
    }
]
source 
"https://storage.googleapis.com/cve-osv-conversion/osv-output/CVE-2023-20900.json"