CVE-2022-43758


An Improper Neutralization of Special Elements used in an OS Command ('OS Command Injection') vulnerability in SUSE Rancher allows code execution for a user with the ability to add an untrusted Helm catalog or modify the URL configuration used to download KDM (only admin users by default). This issue affects SUSE Rancher: Rancher versions prior to 2.5.17; Rancher versions prior to 2.6.10; Rancher versions prior to 2.7.1.


Published

2023-02-07T13:15:09.883

Last Modified

2024-11-21T07:27:10.303

Status

Modified

Source

[email protected]

Severity

CVSSv3.1: 7.6 (HIGH)

Weaknesses
  • Type: Primary
    CWE-78

Affected Vendors & Products
| Type | Vendor | Product | Version/Range | Vulnerable? |
|---|---|---|---|---|
| Application | suse | rancher | < 2.5.17 | Yes |
| Application | suse | rancher | < 2.6.10 | Yes |
| Application | suse | rancher | < 2.7.1 | Yes |