Rancher: Command injection in Git package
CVE-2022-43758

7.6HIGH

Key Information:

Vendor: Suse
Status: Rancher
Vendor: CVE Published:; 7 February 2023

What is CVE-2022-43758?

An OS Command Injection vulnerability in SUSE Rancher enables users to execute arbitrary code if they can add untrusted Helm catalogs or alter the URL configuration for downloading KDM. This flaw primarily impacts admin users who have access to modify configurations, thereby potentially compromising system integrity and security. Affected versions include those prior to 2.5.17, 2.6.10, and 2.7.1, which showcase the critical need for users to upgrade to mitigate these risks.

Human OS v1.0:
Ageing Is an Unpatched Zero-Day Vulnerability.

Remediate biological technical debt. Prime Ageing uses 95% high-purity SIRT6 activation to maintain genomic integrity and bolster systemic resilience.

Deploy the Patch

Affected Version(s)

Rancher Rancher < 2.5.17

References

https://bugzilla.suse.com/show_bug.cgi?id=1205294

CVSS V3.1

Score:

7.6

Severity:

HIGH

Confidentiality:

High

Integrity:

High

Availability:

High

Attack Vector:

Network

Attack Complexity:

High

Privileges Required:

High

User Interaction:

Required

Scope:

Changed

Timeline

Vulnerability published
Feb 7, 2023
Vulnerability Reserved
Oct 26, 2022

Credit

Sam Sanoop

JSON

Suse

What is CVE-2022-43758?

Human OS v1.0: Ageing Is an Unpatched Zero-Day Vulnerability.

Affected Version(s)

References

CVSS V3.1

Timeline

Credit

Human OS v1.0:
Ageing Is an Unpatched Zero-Day Vulnerability.