Vulnerability Monitor

The vendors, products, and vulnerabilities you care about

CVE-2022-21951

A Cleartext Transmission of Sensitive Information vulnerability in SUSE Rancher, Rancher allows attackers on the network to read and change network data due to missing encryption of data transmitted via the network when a cluster is created from an RKE template with the CNI value overridden This issue affects: SUSE Rancher Rancher versions prior to 2.5.14; Rancher versions prior to 2.6.5.

Published

2022-05-25T09:15:08.167

Last Modified

2024-11-21T06:45:46.187

Status

Modified

Source

[email protected]

Severity

CVSSv3.1: 6.8 (MEDIUM)

CVSSv2 Vector

AV:N/AC:H/Au:S/C:P/I:P/A:N

Access Vector: NETWORK
Access Complexity: HIGH
Authentication: SINGLE
Confidentiality Impact: PARTIAL
Integrity Impact: PARTIAL
Availability Impact: NONE

Exploitability Score

3.9

Impact Score

4.9

Weaknesses

Type: Primary
CWE-319
Type: Secondary
CWE-319

Affected Vendors & Products

Type	Vendor	Product	Version/Range	Vulnerable?
Application	suse	rancher	< 2.5.14	Yes
Application	suse	rancher	< 2.6.5	Yes

References

https://bugzilla.suse.com/show_bug.cgi?id=1199443 Issue Tracking, Third Party Advisory ([email protected])
https://github.com/rancher/rancher/security/advisories/GHSA-vrph-m5jj-c46c Exploit, Third Party Advisory ([email protected])
https://bugzilla.suse.com/show_bug.cgi?id=1199443 Issue Tracking, Third Party Advisory (af854a3a-2127-422b-91ae-364da2661108)
https://github.com/rancher/rancher/security/advisories/GHSA-vrph-m5jj-c46c Exploit, Third Party Advisory (af854a3a-2127-422b-91ae-364da2661108)