Rancher vSphere Vulnerability: Plaintext Storage of CPI/CSI Credentials
CVE-2022-45157
9.1 CRITICAL
What is CVE-2022-45157?
A vulnerability has been identified in Rancher's handling of vSphere's Cloud Provider Interface (CPI) and Container Storage Interface (CSI) credentials. This issue arises from the insecure storage of CPI and CSI passwords as plaintext within Rancher. As a result, any deployment of clusters in vSphere environments is susceptible to credential exposure. This vulnerability highlights the critical need for secure credential management practices to safeguard sensitive information in cloud operations, particularly for users leveraging Rancher with vSphere.
Affected Version(s)
rancher 2.9.0 < 2.9.3
rancher 2.7.0 < 2.8.9