{"id":"CVE-2023-34058","details":"VMware Tools contains a SAML token signature bypass vulnerability. A malicious actor that has been granted  Guest Operation Privileges https://docs.vmware.com/en/VMware-vSphere/8.0/vsphere-security/GUID-6A952214-0E5E-4CCF-9D2A-90948FF643EC.html  in a target virtual machine may be able to elevate their privileges if that target virtual machine has been assigned a more privileged  Guest Alias https://vdc-download.vmware.com/vmwb-repository/dcr-public/d1902b0e-d479-46bf-8ac9-cee0e31e8ec0/07ce8dbd-db48-4261-9b8f-c6d3ad8ba472/vim.vm.guest.AliasManager.html .","modified":"2026-05-15T12:05:40.286812814Z","published":"2023-10-27T04:53:09.935Z","related":["ALSA-2023:7265","ALSA-2023:7277","SUSE-SU-2023:4227-1","SUSE-SU-2023:4228-1","SUSE-SU-2023:4229-1","SUSE-SU-2023:4230-1","openSUSE-SU-2024:13374-1"],"database_specific":{"osv_generated_from":"https://github.com/CVEProject/cvelistV5/tree/main/cves/2023/34xxx/CVE-2023-34058.json","unresolved_ranges":[{"source":"AFFECTED_FIELD","extracted_events":[{"last_affected":"12.x.x"},{"last_affected":"11.x.x"},{"last_affected":"10.3.x"},{"introduced":"11.0.0"},{"last_affected":"12.3.0"}]}],"cna_assigner":"vmware"},"references":[{"type":"WEB","url":"http://www.openwall.com/lists/oss-security/2023/10/27/1"},{"type":"WEB","url":"https://lists.debian.org/debian-lts-announce/2023/11/msg00002.html"},{"type":"WEB","url":"https://lists.fedoraproject.org/archives/list/package-announce@lists.fedoraproject.org/message/G7G77Z76CQPGUF7VHRA6O3UFCMPPR4O2/"},{"type":"WEB","url":"https://lists.fedoraproject.org/archives/list/package-announce@lists.fedoraproject.org/message/MQUOFQL2SNNNMKROQ3TZQY4HEYMNOIBW/"},{"type":"WEB","url":"https://lists.fedoraproject.org/archives/list/package-announce@lists.fedoraproject.org/message/WLTKVTRKQW2GD2274H3UOW6XU4E62GSK/"},{"type":"ADVISORY","url":"https://github.com/CVEProject/cvelistV5/tree/main/cves/2023/34xxx/CVE-2023-34058.json"},{"type":"ADVISORY","url":"https://nvd.nist.gov/vuln/detail/CVE-2023-34058"},{"type":"ADVISORY","url":"https://www.debian.org/security/2023/dsa-5543"},{"type":"ADVISORY","url":"https://www.vmware.com/security/advisories/VMSA-2023-0024.html"}],"schema_version":"1.7.5","severity":[{"type":"CVSS_V3","score":"CVSS:3.1/AV:A/AC:H/PR:L/UI:N/S:U/C:H/I:H/A:H"}]}