CVE-2022-21951

See a problem?
Please try reporting it to the source first.
Source
https://cve.org/CVERecord?id=CVE-2022-21951
Import Source
https://storage.googleapis.com/osv-test-cve-osv-conversion/osv-output/CVE-2022-21951.json
JSON Data
https://api.test.osv.dev/v1/vulns/CVE-2022-21951
Related
  • GHSA-vrph-m5jj-c46c
Published
2022-05-25T09:15:08.167Z
Modified
2025-11-14T12:55:12.055782Z
Severity
  • 6.8 (Medium) CVSS_V3 - CVSS:3.1/AV:N/AC:H/PR:L/UI:N/S:U/C:H/I:H/A:N CVSS Calculator
Summary
[none]
Details

A Cleartext Transmission of Sensitive Information vulnerability in SUSE Rancher, Rancher allows attackers on the network to read and change network data due to missing encryption of data transmitted via the network when a cluster is created from an RKE template with the CNI value overridden This issue affects: SUSE Rancher Rancher versions prior to 2.5.14; Rancher versions prior to 2.6.5.

References

Affected packages

Git / github.com/rancher/rancher

Affected ranges

Type
GIT
Repo
https://github.com/rancher/rancher
Events
Introduced
65f3525cdc1167872af4140d45f3153698450c52
Fixed
52a8de7b63b181188cf4aeeacb59c79545af7312

Affected versions

v2.*

v2.5.0
v2.5.0-rc9
v2.5.1
v2.5.1-rc1
v2.5.10
v2.5.10-rc1
v2.5.10-rc2
v2.5.10-rc3
v2.5.10-rc4
v2.5.10-rc5
v2.5.10-rc6
v2.5.10-rc7
v2.5.12
v2.5.12-rc1
v2.5.12-rc2
v2.5.12-rc3
v2.5.12-rc4
v2.5.12-rc5
v2.5.12-rc6
v2.5.12-rc7
v2.5.12-rc8
v2.5.13
v2.5.13-rc1
v2.5.13-rc2
v2.5.13-rc3
v2.5.13-rc4
v2.5.14-rc1
v2.5.2
v2.5.2-rc
v2.5.2-rc1
v2.5.2-rc10
v2.5.2-rc2
v2.5.2-rc3
v2.5.2-rc4
v2.5.2-rc5
v2.5.2-rc6
v2.5.2-rc7
v2.5.2-rc8
v2.5.2-rc9
v2.5.4
v2.5.4-rc1
v2.5.4-rc2
v2.5.4-rc3
v2.5.4-rc4
v2.5.4-rc5
v2.5.4-rc6
v2.5.4-rc7
v2.5.4-rc8
v2.5.4-rc9
v2.5.6
v2.5.6-rc1
v2.5.6-rc2
v2.5.6-rc3
v2.5.6-rc4
v2.5.6-rc5
v2.5.6-rc6
v2.5.6-rc7
v2.5.6-rc8
v2.5.6-rc9
v2.5.8
v2.5.8-rc10
v2.5.8-rc11
v2.5.8-rc12
v2.5.8-rc13
v2.5.8-rc14
v2.5.8-rc15
v2.5.8-rc16
v2.5.8-rc17
v2.5.8-rc18
v2.5.8-rc19
v2.5.8-rc2
v2.5.8-rc20
v2.5.8-rc21
v2.5.8-rc3
v2.5.8-rc4
v2.5.8-rc5
v2.5.8-rc6
v2.5.8-rc7
v2.5.8-rc8
v2.5.8-rc9

Database specific

source

"https://storage.googleapis.com/osv-test-cve-osv-conversion/osv-output/CVE-2022-21951.json"