{"id":"CVE-2023-20900","details":"A malicious actor that has been granted  Guest Operation Privileges https://docs.vmware.com/en/VMware-vSphere/8.0/vsphere-security/GUID-6A952214-0E5E-4CCF-9D2A-90948FF643EC.html  in a target virtual machine may be able to elevate their privileges if that target virtual machine has been assigned a more privileged  Guest Alias https://vdc-download.vmware.com/vmwb-repository/dcr-public/d1902b0e-d479-46bf-8ac9-cee0e31e8ec0/07ce8dbd-db48-4261-9b8f-c6d3ad8ba472/vim.vm.guest.AliasManager.html .","modified":"2026-04-10T04:55:06.683181Z","published":"2023-08-31T10:15:08.247Z","related":["ALSA-2023:5312","ALSA-2023:5313","SUSE-SU-2023:3504-1","SUSE-SU-2023:3505-1","SUSE-SU-2023:3506-1","SUSE-SU-2023:3507-1","SUSE-SU-2023:3795-1","SUSE-SU-2023:3835-1","openSUSE-SU-2024:13186-1"],"references":[{"type":"ADVISORY","url":"http://www.openwall.com/lists/oss-security/2023/08/31/1"},{"type":"ADVISORY","url":"https://www.debian.org/security/2023/dsa-5493"},{"type":"ADVISORY","url":"https://security.netapp.com/advisory/ntap-20231013-0002/"},{"type":"FIX","url":"http://www.openwall.com/lists/oss-security/2023/10/27/1"},{"type":"FIX","url":"https://www.vmware.com/security/advisories/VMSA-2023-0019.html"},{"type":"ARTICLE","url":"https://lists.debian.org/debian-lts-announce/2023/10/msg00000.html"},{"type":"ARTICLE","url":"https://lists.fedoraproject.org/archives/list/package-announce@lists.fedoraproject.org/message/NVKQ6Y2JFJRWPFOZUOTFO3H27BK5GGOG/"},{"type":"ARTICLE","url":"https://lists.fedoraproject.org/archives/list/package-announce@lists.fedoraproject.org/message/TJNJMD67QIT6LXLKWSHFM47DCLRSMT6W/"},{"type":"ARTICLE","url":"https://lists.fedoraproject.org/archives/list/package-announce@lists.fedoraproject.org/message/ZJM6HDRQYS74JA7YNKQBFH2XSZ52HEWH/"}],"affected":[{"ranges":[{"type":"GIT","repo":"https://github.com/vmware/open-vm-tools","events":[{"introduced":"2147df6aabe639fc5ff423ed791a8e7f02bf8d0a"},{"fixed":"865e76adf86fb38380220a3b760aa92ba5407c60"},{"introduced":"2147df6aabe639fc5ff423ed791a8e7f02bf8d0a"},{"fixed":"865e76adf86fb38380220a3b760aa92ba5407c60"},{"introduced":"0"},{"last_affected":"801d4b7f4978945aa0fd53259011e2da6345cc43"},{"introduced":"0"},{"last_affected":"b7ab96e6e38f6559cb882278a53d7a7ea5c0592c"}],"database_specific":{"versions":[{"introduced":"10.3.0"},{"fixed":"12.3.0"},{"introduced":"10.3.0"},{"fixed":"12.3.0"},{"introduced":"0"},{"last_affected":"11.0"},{"introduced":"0"},{"last_affected":"12.0"}]}}],"versions":["2008.02.13-77928","2008.04.04-87182","2008.05.02-90473","2008.05.15-93084","2008.05.15-93241","2008.06.03-96374","2008.06.20-100027","2008.07.01-102166","2008.10.10-123053","2008.11.18-130226","2008.12.23-137496","2009.01.21-142982","2009.02.18-148847","2009.03.18-154848","2009.04.23-162451","2009.05.22-167859","2009.06.18-172495","2009.07.22-179896","2009.08.24-187411","2009.09.18-193784","2009.10.15-201664","2009.11.16-210370","2009.12.16-217847","2010.01.19-226760","2010.02.23-236320","2010.03.20-243334","2010.04.25-253928","2010.06.16-268169","2010.07.25-280253","2010.08.24-292196","2010.09.19-301124","2010.10.18-313025","2010.11.17-327185","2010.12.19-339835","2011.01.24-354108","2011.03.28-387002","2011.04.25-402641","2011.05.27-420096","2011.06.27-437995","2011.07.19-450511","2011.08.21-471295","2011.09.23-491607","2011.10.26-514583","2011.11.20-535097","2011.12.20-562307","2012.03.13-651368","2012.05.21-724730","2012.10.14-874563","2012.12.26-958366","2013.04.16-1098359","2013.09.16-1328054","open-vm-tools-10.0.0-3000743","p4-sync-929606","stable-10.0.5","stable-11.0.0","stable-12.0.0","stable-9.10.0","stable-9.10.2"],"database_specific":{"source":"https://storage.googleapis.com/cve-osv-conversion/osv-output/CVE-2023-20900.json","unresolved_ranges":[{"events":[{"introduced":"10.3.0"},{"fixed":"10.3.26"}]},{"events":[{"introduced":"0"},{"last_affected":"37"}]},{"events":[{"introduced":"0"},{"last_affected":"38"}]},{"events":[{"introduced":"0"},{"last_affected":"39"}]},{"events":[{"introduced":"0"},{"last_affected":"10.0"}]}]}}],"schema_version":"1.7.5","severity":[{"type":"CVSS_V3","score":"CVSS:3.1/AV:A/AC:H/PR:N/UI:N/S:U/C:H/I:H/A:H"}]}