[RANCHER] OS command injection in Rancher and Fleet

CVE-2022-31249

7.5HIGH

Key Information

Vendor: Suse
Status: Rancher
Vendor: CVE Published:; 7 February 2023

Summary

A Improper Neutralization of Special Elements used in an OS Command ('OS Command Injection') vulnerability in wrangler of SUSE Rancher allows remote attackers to inject commands in the underlying host via crafted commands passed to Wrangler. This issue affects: SUSE Rancher wrangler version 0.7.3 and prior versions; wrangler version 0.8.4 and prior versions; wrangler version 1.0.0 and prior versions.

Affected Version(s)

Rancher <= 0.7.3

CVSS V3.1

Score:

7.5

Severity:

HIGH

Confidentiality:

High

Integrity:

High

Availability:

High

Attack Vector:

Network

Attack Complexity:

High

Privileges Required:

Low

User Interaction:

None

Scope:

Unchanged

Timeline

Risk change from: 9.8 to: 7.5 - (HIGH)
Feb 22, 2024
Vulnerability published.
Feb 7, 2023
Vulnerability Reserved.
May 20, 2022

Collectors

NVD DatabaseMitre Database