Rancher: Command injection in Git package

CVE-2022-43758

7.6HIGH

Key Information

Vendor: Suse
Status: Rancher
Vendor: CVE Published:; 7 February 2023

Summary

A Improper Neutralization of Special Elements used in an OS Command ('OS Command Injection') vulnerability in SUSE Rancher allows code execution for user with the ability to add an untrusted Helm catalog or modifying the URL configuration used to download KDM (only admin users by default) This issue affects: SUSE Rancher Rancher versions prior to 2.5.17; Rancher versions prior to 2.6.10; Rancher versions prior to 2.7.1.

Affected Version(s)

Rancher < 2.5.17

CVSS V3.1

Score:

7.6

Severity:

HIGH

Confidentiality:

High

Integrity:

High

Availability:

High

Attack Vector:

Network

Attack Complexity:

High

Privileges Required:

High

User Interaction:

Required

Scope:

Changed

Timeline

Risk change from: 6.8 to: 7.6 - (HIGH)
Feb 22, 2024
Vulnerability published.
Feb 7, 2023
Vulnerability Reserved.
Oct 26, 2022

Collectors

NVD DatabaseMitre Database

Credit

Sam Sanoop