Cross-site Scripting Vulnerability in Rancher by SUSE
CVE-2022-43760

8.4HIGH

Key Information:

Vendor: Suse
Status: Rancher
Vendor: CVE Published:; 1 June 2023

Summary

An improper neutralization of input during web page generation vulnerability in SUSE Rancher allows users in higher-privileged groups to inject malicious code. This code executes within the browser of another user, enabling attackers to potentially steal sensitive information, manipulate web content, or take other malicious actions impersonating the victims, especially if an administrator accesses the affected web page. This poses a significant risk to users with write access in the affected systems.

Affected Version(s)

Rancher >= 2.6.0 < 2.6.0

Rancher >= 2.7.0 < 2.7.0

References

https://github.com/rancher/rancher/security/advisories/GH...

https://bugzilla.suse.com/show_bug.cgi?id=CVE-2022-43760

CVSS V3.1

Score:

8.4

Severity:

HIGH

Confidentiality:

High

Integrity:

High

Availability:

High

Attack Vector:

Network

Attack Complexity:

Low

Privileges Required:

High

User Interaction:

Required

Scope:

Changed

Timeline

Vulnerability published
Jun 1, 2023
Vulnerability Reserved
Oct 26, 2022

Credit

https://github.com/bybit-sec