CVE-2022-22948

CVSS 6.5 MEDIUM | EPSS 13.9% | KEV | CWE-276

In short

The vCenter Server exposes sensitive information due to improper file permissions. An attacker with regular (non-admin) access to the server can read files they shouldn't, potentially obtaining confidential data.

Technical detail

An information disclosure vulnerability exists in vCenter Server caused by incorrect file permission settings (CWE-276). A non-privileged authenticated user can exploit this to access sensitive files beyond their authorization level, leading to exposure of confidential information.

Summary generated and translated by AI from the official description.
The vCenter Server contains an information disclosure vulnerability due to improper permission of files. A malicious actor with non-administrative access to the vCenter Server may exploit this issue to gain access to sensitive information.
CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:H/I:N/A:N