[RANCHER] OS command injection in Rancher and Fleet
CVE-2022-31249

7.5HIGH

Key Information:

Vendor: Suse
Status: Rancher
Vendor: CVE Published:; 7 February 2023

Summary

An OS Command Injection vulnerability in the Wrangler component of SUSE Rancher allows remote attackers to execute arbitrary commands on the underlying host system. This is achieved by injecting crafted commands into the Wrangler, affecting multiple versions including 0.7.3, 0.8.4, and 1.0.0. Security measures should be implemented to mitigate the risk posed by this vulnerability.

Affected Version(s)

Rancher wrangler <= 0.7.3

References

https://bugzilla.suse.com/show_bug.cgi?id=1200299

CVSS V3.1

Score:

7.5

Severity:

HIGH

Confidentiality:

High

Integrity:

High

Availability:

High

Attack Vector:

Network

Attack Complexity:

High

Privileges Required:

Low

User Interaction:

None

Scope:

Unchanged

Timeline

Vulnerability published
Feb 7, 2023
Vulnerability Reserved
May 20, 2022