Rancher/Wrangler: Denial of service when processing Git credentials
CVE-2022-43756

5.9MEDIUM

Key Information:

Vendor: Suse
Status: Rancher
Vendor: CVE Published:; 7 February 2023

Summary

A Improper Neutralization of Special Elements in Output Used by a Downstream Component ('Injection') vulnerability in SUSE Rancher allows remote attackers to cause denial of service by supplying specially crafted git credentials. This issue affects: SUSE Rancher wrangler version 0.7.3 and prior versions; wrangler version 0.8.4 and prior versions; wrangler version 1.0.0 and prior versions.

Affected Version(s)

Rancher wrangler <= 0.7.3

References

https://bugzilla.suse.com/show_bug.cgi?id=1205296

CVSS V3.1

Score:

5.9

Severity:

MEDIUM

Confidentiality:

None

Integrity:

Low

Availability:

None

Attack Vector:

Network

Attack Complexity:

High

Privileges Required:

Low

User Interaction:

None

Scope:

Unchanged

Timeline

Vulnerability published
Feb 7, 2023
Vulnerability Reserved
Oct 26, 2022