CVE-2022-43760

See a problem?
Please try reporting it to the source first.
Source
https://nvd.nist.gov/vuln/detail/CVE-2022-43760
Import Source
https://storage.googleapis.com/osv-test-cve-osv-conversion/osv-output/CVE-2022-43760.json
JSON Data
https://api.test.osv.dev/v1/vulns/CVE-2022-43760
Aliases
Related
Published
2023-06-01T13:15:10Z
Modified
2025-07-01T14:19:33.035238Z
Severity
  • 8.4 (High) CVSS_V3 - CVSS:3.1/AV:N/AC:L/PR:H/UI:R/S:C/C:H/I:H/A:H CVSS Calculator
Summary
[none]
Details

An Improper Neutralization of Input During Web Page Generation ('Cross-site Scripting') vulnerability in SUSE Rancher allows users in some higher-privileged groups to to inject code that is executed within another user's browser, allowing the attacker to steal sensitive information, manipulate web content, or perform other malicious activities on behalf of the victims. This could result in a user with write access to the affected areas being able to act on behalf of an administrator, once an administrator opens the affected web page.

This issue affects Rancher: from >= 2.6.0 before < 2.6.13, from >= 2.7.0 before < 2.7.4.

References

Affected packages

Git / github.com/rancher/rancher

Affected ranges

Type
GIT
Repo
https://github.com/rancher/rancher
Events
Introduced
df2432ad895c9d6be0e47e0d6d62a4c3dc8f08e5
Fixed
e91bb053386b32864bbbb306f39061e9f2e287ae

Affected versions

v2.*

v2.6.0
v2.6.0-rc10
v2.6.1
v2.6.1-harvester1
v2.6.1-harvester2
v2.6.1-rc1
v2.6.1-rc10
v2.6.1-rc11
v2.6.1-rc12
v2.6.1-rc13
v2.6.1-rc2
v2.6.1-rc3
v2.6.1-rc4
v2.6.1-rc5
v2.6.1-rc6
v2.6.1-rc7
v2.6.1-rc8
v2.6.1-rc9
v2.6.11
v2.6.11-rc1
v2.6.11-rc10
v2.6.11-rc2
v2.6.11-rc3
v2.6.11-rc4
v2.6.11-rc5
v2.6.11-rc6
v2.6.11-rc7
v2.6.11-rc8
v2.6.11-rc9
v2.6.12
v2.6.12-rc1
v2.6.12-rc2
v2.6.12-rc3
v2.6.12-rc4
v2.6.12-rc5
v2.6.3
v2.6.3-harvester1
v2.6.3-rc1
v2.6.3-rc10
v2.6.3-rc11
v2.6.3-rc2
v2.6.3-rc3
v2.6.3-rc4
v2.6.3-rc5
v2.6.3-rc6
v2.6.3-rc7
v2.6.3-rc8
v2.6.3-rc9
v2.6.4-alpha1
v2.6.4-alpha2
v2.6.4-alpha3
v2.6.4-rc1
v2.6.4-rc10
v2.6.4-rc11
v2.6.4-rc12
v2.6.4-rc13
v2.6.4-rc2
v2.6.4-rc3
v2.6.4-rc4
v2.6.4-rc5
v2.6.4-rc6
v2.6.4-rc8
v2.6.4-rc9
v2.6.5
v2.6.5-alpha1
v2.6.5-rc1
v2.6.5-rc10
v2.6.5-rc11
v2.6.5-rc12
v2.6.5-rc2
v2.6.5-rc3
v2.6.5-rc4
v2.6.5-rc5
v2.6.5-rc6
v2.6.5-rc8
v2.6.5-rc9
v2.6.6-rc1
v2.6.7
v2.6.7-rc1
v2.6.7-rc10
v2.6.7-rc2
v2.6.7-rc3
v2.6.7-rc4
v2.6.7-rc5
v2.6.7-rc6
v2.6.7-rc7
v2.6.7-rc8
v2.6.7-rc9
v2.6.8
v2.6.8-rc1
v2.6.8-rc2
v2.6.8-rc3
v2.6.8-rc4
v2.6.9
v2.6.9-rc1
v2.6.9-rc2
v2.6.9-rc3
v2.6.9-rc4
v2.6.9-rc5
v2.6.9-rc6