Rancher/Wrangler: Denial of service when processing Git credentials

CVE-2022-43756
5.9 MEDIUM

Key Information

Vendor: Suse
Status
Rancher
Vendor
CVE Published: 7 February 2023

Summary

An Improper Neutralization of Special Elements in Output Used by a Downstream Component ('Injection') vulnerability in SUSE Rancher allows remote attackers to cause denial of service by supplying specially crafted git credentials. This issue affects: SUSE Rancher wrangler version 0.7.3 and prior versions; wrangler version 0.8.4 and prior versions; wrangler version 1.0.0 and prior versions.

Affected Version(s)

Rancher <= 0.7.3

CVSS V3.1

Score: 5.9
Severity: MEDIUM
Confidentiality: None
Integrity: Low
Availability: High
Attack Vector: Network
Attack Complexity: High
Privileges Required: Low
User Interaction: None
Scope: Unchanged

Timeline

  • Risk change from: 7.5 to: 5.9 - (MEDIUM)

  • Vulnerability published.

  • Vulnerability Reserved.

Collectors

NVD Database, Mitre Database