Sensitive Data at Risk of Leakage in Rancher Audit Logs

CVE-2023-22649

6.5MEDIUM

Key Information

Vendor: Suse
Status: Rancher
Vendor: CVE Published:; 16 October 2024

Summary

A vulnerability has been identified which may lead to sensitive data being leaked into Rancher's audit logs. [Rancher Audit Logging](https://ranchermanager.docs.rancher.com/how-to-guides/advanced-user-guides/enable-api-audit-log) is an opt-in feature, only deployments that have it enabled and have [AUDIT_LEVEL](https://ranchermanager.docs.rancher.com/how-to-guides/advanced-user-guides/enable-api-audit-log#audit-log-levels) set to `1 or above` are impacted by this issue.

Affected Version(s)

rancher < 2.6.14

rancher < 2.7.10

rancher < 2.8.2

EPSS Score

1% chance of being exploited in the next 30 days.

CVSS V3.1

Score:

6.5

Severity:

MEDIUM

Confidentiality:

High

Integrity:

None

Availability:

None

Attack Vector:

Network

Attack Complexity:

Low

Privileges Required:

None

User Interaction:

Required

Scope:

Unchanged

Timeline

Risk change from: 7.7 to: 8.4 - (HIGH)
Oct 16, 2024
Vulnerability published.
Oct 16, 2024
Vulnerability Reserved.
Jan 5, 2023

Collectors

NVD DatabaseMitre Database