CVE-2022-43760

See a problem?
Please try reporting it to the source first.

Source

https://cve.org/CVERecord?id=CVE-2022-43760

Import Source

https://storage.googleapis.com/osv-test-cve-osv-conversion/osv-output/CVE-2022-43760.json

JSON Data

https://api.test.osv.dev/v1/vulns/CVE-2022-43760

Aliases

GHSA-46v3-ggjg-qq3x

Related

GHSA-46v3-ggjg-qq3x

Published

2023-06-01T13:15:10.373Z

Modified

2026-02-11T13:26:39.885836Z

Severity

8.4 (High) CVSS_V3 - CVSS:3.1/AV:N/AC:L/PR:H/UI:R/S:C/C:H/I:H/A:H CVSS Calculator

Summary

[none]

Details

An Improper Neutralization of Input During Web Page Generation ('Cross-site Scripting') vulnerability in SUSE Rancher allows users in some higher-privileged groups to to inject code that is executed within another user's browser, allowing the attacker to steal sensitive information, manipulate web content, or perform other malicious activities on behalf of the victims. This could result in a user with write access to the affected areas being able to act on behalf of an administrator, once an administrator opens the affected web page.

This issue affects Rancher: from >= 2.6.0 before < 2.6.13, from >= 2.7.0 before < 2.7.4.

References

Affected packages

Git / github.com/rancher/rancher

Affected ranges

Type: GIT
Repo: https://github.com/rancher/rancher
Events: Introduced

ce9a7aea4b13fed7acd02cc32667b2ae72f98f5a

Fixed

efc731b553111e5083ee6fb21587491f7e4fcdc9

Introduced

df2432ad895c9d6be0e47e0d6d62a4c3dc8f08e5

Fixed

e91bb053386b32864bbbb306f39061e9f2e287ae

Affected versions

v2.*

v2.6.0

v2.6.0-rc10

v2.6.1

v2.6.1-harvester1

v2.6.1-harvester2

v2.6.1-rc1

v2.6.1-rc10

v2.6.1-rc11

v2.6.1-rc12

v2.6.1-rc13

v2.6.1-rc2

v2.6.1-rc3

v2.6.1-rc4

v2.6.1-rc5

v2.6.1-rc6

v2.6.1-rc7

v2.6.1-rc8

v2.6.1-rc9

v2.6.11

v2.6.11-rc1

v2.6.11-rc10

v2.6.11-rc2

v2.6.11-rc3

v2.6.11-rc4

v2.6.11-rc5

v2.6.11-rc6

v2.6.11-rc7

v2.6.11-rc8

v2.6.11-rc9

v2.6.12

v2.6.12-rc1

v2.6.12-rc2

v2.6.12-rc3

v2.6.12-rc4

v2.6.12-rc5

v2.6.3

v2.6.3-harvester1

v2.6.3-rc1

v2.6.3-rc10

v2.6.3-rc11

v2.6.3-rc2

v2.6.3-rc3

v2.6.3-rc4

v2.6.3-rc5

v2.6.3-rc6

v2.6.3-rc7

v2.6.3-rc8

v2.6.3-rc9

v2.6.4-alpha1

v2.6.4-alpha2

v2.6.4-alpha3

v2.6.4-rc1

v2.6.4-rc10

v2.6.4-rc11

v2.6.4-rc12

v2.6.4-rc13

v2.6.4-rc2

v2.6.4-rc3

v2.6.4-rc4

v2.6.4-rc5

v2.6.4-rc6

v2.6.4-rc8

v2.6.4-rc9

v2.6.5

v2.6.5-alpha1

v2.6.5-rc1

v2.6.5-rc10

v2.6.5-rc11

v2.6.5-rc12

v2.6.5-rc2

v2.6.5-rc3

v2.6.5-rc4

v2.6.5-rc5

v2.6.5-rc6

v2.6.5-rc8

v2.6.5-rc9

v2.6.6-rc1

v2.6.7

v2.6.7-rc1

v2.6.7-rc10

v2.6.7-rc2

v2.6.7-rc3

v2.6.7-rc4

v2.6.7-rc5

v2.6.7-rc6

v2.6.7-rc7

v2.6.7-rc8

v2.6.7-rc9

v2.6.8

v2.6.8-rc1

v2.6.8-rc2

v2.6.8-rc3

v2.6.8-rc4

v2.6.9

v2.6.9-rc1

v2.6.9-rc2

v2.6.9-rc3

v2.6.9-rc4

v2.6.9-rc5

v2.6.9-rc6

v2.7.0

v2.7.0-novkdm

v2.7.2

v2.7.2-rc1

v2.7.2-rc10

v2.7.2-rc2

v2.7.2-rc3

v2.7.2-rc4

v2.7.2-rc5

v2.7.2-rc6

v2.7.2-rc7

v2.7.2-rc8

v2.7.2-rc9

v2.7.3

v2.7.3-kdm-2.6.12

v2.7.3-rc1

v2.7.3-rc2

Database specific

source

"https://storage.googleapis.com/osv-test-cve-osv-conversion/osv-output/CVE-2022-43760.json"