Multiple vulnerabilities found in VMware Cloud Director

Article ID: 382275

Products

VMware Cloud Director

Issue/Introduction

A third-party security scanner reports the following vulnerabilities in VMware Cloud Director:

  • Vulnerability #1:
    A service discloses version information (generic-service-version-disclosure)

Description:
"A service was found to be running that provides detailed version information. This information can be used to determine what vulnerabilities may exist in the service, assisting malicious users in launching more targeted attacks."

  • Vulnerability #2:
    OpenSSH < 9.6 Multiple Vulnerabilities (CVE-2023-48795, CVE-2023-51384, CVE-2023-51385)

Description:
"The SSH server running on the remote host is affected by multiple vulnerabilities. The version of OpenSSH installed on the remote host is prior to 9.6. It is, therefore, affected by multiple vulnerabilities as referenced in the release-9.6 advisory."

  • Vulnerability #3:
    urllib3 Python Library < 1.26.19, < 2.2.2 (CVE-2024-37891)

Description:
"A Python library installed on the remote host is affected by a vulnerability. urllib3 is a user-friendly HTTP client library for Python. When using urllib3's proxy support with 'ProxyManager', the 'Proxy-Authorization' header is only sent to the configured proxy, as expected. However, when sending HTTP requests without using urllib3's proxy support, it's possible to accidentally configure the 'Proxy-Authorization' header even though it won't have any effect as the request is not using a forwarding proxy or a tunneling proxy. In those cases, urllib3 doesn't treat the 'Proxy-Authorization' HTTP header as one carrying authentication material and thus doesn't strip the header on cross-origin redirects."

  • Vulnerability #4:
    User home directory mode unsafe (unix-user-home-dir-mode)

Description:
"A user's home directory was found to have a permission mode which is more permissive than 750 (Owner=READ/WRITE/EXECUTE, Group=READ/EXECUTE, Other=NONE). 'Group' or 'Other' WRITE permissions mean that a malicious user may gain complete access to user data by escalating privileges. In addition, 'read' and 'execute' access for 'Other' should always be disabled (sensitive data access)."

  • Vulnerability #5:
    Undefined CVE, Click Jacking

Description:
Clickjacking is a type of cyberattack where an attacker tricks a user into clicking something different from what they intended by hiding or overlaying malicious content on a legitimate webpage. This can lead to unintended actions, such as sharing personal information or installing malware. To protect against it, developers use techniques like X-Frame-Options headers, Content Security Policy (CSP), and frame busting.
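
The check described under Vulnerability #4, as an added example (not code from VMware or the scanner vendor): it reads passwd-format account data and reports each home directory whose mode grants bits beyond 750, naming the excess bits so the exact exposure is known before the finding is whitelisted. The function names, sample accounts and sample modes are constructed for illustration.

```python
import os
import stat

# Permission bits that 750 does not allow, named as in the finding text.
EXCESS_BITS = [
    (stat.S_IWGRP, "group write"),
    (stat.S_IROTH, "other read"),
    (stat.S_IWOTH, "other write"),
    (stat.S_IXOTH, "other execute"),
]

def excess_permissions(mode):
    """Return the names of permission bits in `mode` that 750 does not allow."""
    perms = stat.S_IMODE(mode) & 0o777  # drop file type, setuid/setgid/sticky
    return [name for bit, name in EXCESS_BITS if perms & bit]

def parse_passwd(text):
    """Yield (user, home) from passwd(5)-format text, skipping malformed lines."""
    for line in text.splitlines():
        fields = line.split(":")
        if len(fields) >= 7 and not line.startswith("#"):
            yield fields[0], fields[5]

def audit_homes(passwd_text, get_mode=lambda path: os.stat(path).st_mode):
    """Return {user: (octal mode, [excess bits])} for homes more permissive than 750."""
    findings = {}
    for user, home in parse_passwd(passwd_text):
        try:
            mode = get_mode(home)
        except OSError:
            continue  # home directory missing or unreadable
        extra = excess_permissions(mode)
        if extra:
            findings[user] = (oct(stat.S_IMODE(mode) & 0o777), extra)
    return findings

# Constructed sample data (not taken from a real appliance).
SAMPLE_PASSWD = """\
root:x:0:0:root:/root:/bin/bash
alice:x:1000:1000::/home/alice:/bin/bash
bob:x:1001:1001::/home/bob:/bin/bash
"""
SAMPLE_MODES = {"/root": 0o40700, "/home/alice": 0o40755, "/home/bob": 0o40770}

if __name__ == "__main__":
    results = audit_homes(SAMPLE_PASSWD, SAMPLE_MODES.__getitem__)
    for user, (mode, extra) in results.items():
        print(user, mode, ", ".join(extra))
```

On a live system, call `audit_homes(open("/etc/passwd").read())` to use the real directory modes instead of the sample table.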

Environment

VMware Cloud Director 10.5.x

Resolution

Vulnerability #1: Fixed in VMware Cloud Director version 10.6.

Vulnerability #2: Fixed in VMware Cloud Director version 10.6.

Vulnerability #3: Addressed in VMware Cloud Director version 10.6.1.

Vulnerability #4: This is intentional as part of an in-development feature. This finding can be whitelisted.

Vulnerability #5: Fixed in VMware Cloud Director version 10.6.

Download VMware Cloud Director 10.6 here