Sensitive Data at Risk of Leakage in Rancher Audit Logs
CVE-2023-22649

6.5MEDIUM

Key Information:

Vendor: Suse
Status: Rancher
Vendor: CVE Published:; 16 October 2024

Summary

A vulnerability exists in Rancher's audit logging feature that can lead to exposure of sensitive data. This issue arises specifically in deployments where the Audit Logging feature is enabled and the AUDIT_LEVEL is configured to '1 or higher'. In such scenarios, sensitive information may be unintentionally recorded in the audit logs, posing a risk to data privacy and security. Organizations using this feature should evaluate their configurations and take necessary precautions to safeguard sensitive information.

Affected Version(s)

rancher 2.6.0 < 2.6.14

rancher 2.7.0 < 2.7.10

rancher 2.8.0 < 2.8.2

References

https://bugzilla.suse.com/show_bug.cgi?id=CVE-2023-22649

https://github.com/rancher/rancher/security/advisories/GH...

EPSS Score

1% chance of being exploited in the next 30 days.

CVSS V3.1

Score:

6.5

Severity:

MEDIUM

Confidentiality:

High

Integrity:

None

Availability:

High

Attack Vector:

Network

Attack Complexity:

Low

Privileges Required:

None

User Interaction:

Required

Scope:

Unchanged

Timeline

Vulnerability published
Oct 16, 2024
Vulnerability Reserved
Jan 5, 2023