CVE-2022-43758

See a problem?
Please try reporting it to the source first.

Source

https://nvd.nist.gov/vuln/detail/CVE-2022-43758

Import Source

https://storage.googleapis.com/osv-test-cve-osv-conversion/osv-output/CVE-2022-43758.json

JSON Data

https://api.test.osv.dev/v1/vulns/CVE-2022-43758

Aliases

GHSA-34p5-jp77-fcrc

Published

2023-02-07T13:15:09Z

Modified

2025-01-08T09:13:18.191961Z

Severity

6.8 (Medium) CVSS_V3 - CVSS:3.1/AV:N/AC:L/PR:H/UI:R/S:U/C:H/I:H/A:H CVSS Calculator

Summary

[none]

Details

A Improper Neutralization of Special Elements used in an OS Command ('OS Command Injection') vulnerability in SUSE Rancher allows code execution for user with the ability to add an untrusted Helm catalog or modifying the URL configuration used to download KDM (only admin users by default) This issue affects: SUSE Rancher Rancher versions prior to 2.5.17; Rancher versions prior to 2.6.10; Rancher versions prior to 2.7.1.

References

https://bugzilla.suse.com/show_bug.cgi?id=1205294

Affected packages

Git / github.com/rancher/rancher

Affected ranges

Type: GIT
Repo: https://github.com/rancher/rancher
Events: Introduced

ce9a7aea4b13fed7acd02cc32667b2ae72f98f5a

Fixed

bb1c35fc4258ada8829c187ca17fe28a6e61da4d

Affected versions

v2.*

v2.7.0

v2.7.0-novkdm

v2.7.1-rc4