Sensitive Information Insertion Vulnerability in Cloud Director Object Storage Extension

CVE-2024-22276

5.3MEDIUM

Key Information

Vendor: N/a
Status: Vmware Cloud Director Object Storage Extension
Vendor: CVE Published:; 27 June 2024

Summary

VMware Cloud Director Object Storage Extension contains an Insertion of Sensitive Information vulnerability. A malicious actor with adjacent access to web/proxy server logging may be able to obtain sensitive information from URLs that are logged.

Affected Version(s)

VMware Cloud Director Object Storage Extension = VMware Cloud Director Object Storage Extension 3.0, VMware Cloud Director Object Storage Extension 2.x

CVSS V3.1

Score:

5.3

Severity:

MEDIUM

Confidentiality:

High

Integrity:

None

Availability:

None

Attack Vector:

Adjacent Network

Attack Complexity:

High

Privileges Required:

None

User Interaction:

None

Scope:

Unchanged

Timeline

Vulnerability published.
Jun 27, 2024
Vulnerability Reserved.
Jan 8, 2024

Collectors

NVD DatabaseMitre Database