JFrog credentials shown in plain text
Article ID: 315981
Updated On:
Products
VMware Aria Suite
Issue/Introduction
Earlier versions of Cloud Proxy for vRealize Automation Cloud, VMware Aria Operations for Logs (SaaS), vRealize AI Cloud and vRealize Subscription Manager Cloud contain unrestricted scripts access, leading to JFrog credentials to be exposed in plain text.
Cause
This issue is caused by unrestricted scripts access in earlier versions of Cloud Proxy for vRealize Automation Cloud, VMware Aria Operations for Logs (SaaS), vRealize AI Cloud and vRealize Subscription Manager Cloud.
Resolution
This is a known issue affecting vRealize Automation Cloud, VMware Aria Operations for Logs (SaaS), vRealize AI Cloud and vRealize Subscription Manager Cloud.
To resolve the issue immediately, preform a guest reboot on your Cloud Proxies.
This will trigger an update on the Cloud Proxy after restart.
To resolve the issue immediately, preform a guest reboot on your Cloud Proxies.
This will trigger an update on the Cloud Proxy after restart.
Additional Information
Impact/Risks:
This exploit can lead to JFrog credentials, including Repository Url, Username, and password being shared in plain text.
This exploit can lead to JFrog credentials, including Repository Url, Username, and password being shared in plain text.
Feedback
Yes
No
Powered by
