Rancher: Non-random authentication token

CVE-2022-43755

7.1HIGH

Key Information

Vendor: Suse
Status: Rancher
Vendor: CVE Published:; 7 February 2023

Summary

A Insufficient Entropy vulnerability in SUSE Rancher allows attackers that gained knowledge of the cattle-token to continue abusing this even after the token was renewed. This issue affects: SUSE Rancher Rancher versions prior to 2.6.10; Rancher versions prior to 2.7.1.

Affected Version(s)

Rancher < 2.6.10

CVSS V3.1

Score:

7.1

Severity:

HIGH

Confidentiality:

High

Integrity:

Low

Availability:

High

Attack Vector:

Network

Attack Complexity:

High

Privileges Required:

Low

User Interaction:

None

Scope:

Unchanged

Timeline

Risk change from: 9.8 to: 7.1 - (HIGH)
Feb 22, 2024
Vulnerability published.
Feb 7, 2023
Vulnerability Reserved.
Oct 26, 2022

Collectors

NVD DatabaseMitre Database