CVE-2022-21947: rancher desktop: Dashboard API is network accessible
First published: Fri Apr 01 2022(Updated: )
A Exposure of Resource to Wrong Sphere vulnerability in Rancher Desktop of SUSE allows attackers in the local network to connect to the Dashboard API (steve) to carry out arbitrary actions. This issue affects: SUSE Rancher Desktop versions prior to V.
Credit: meissner@suse.de
| Affected Software | Affected Version | How to fix |
|---|---|---|
| SUSE Rancher Desktop | <1.2.1 |
Never miss a vulnerability like this again
Sign up to SecAlerts for real-time vulnerability data matched to your software, aggregated from hundreds of sources.
Reference Links
Frequently Asked Questions
What is CVE-2022-21947 vulnerability?
CVE-2022-21947 is a Exposure of Resource to Wrong Sphere vulnerability in Rancher Desktop of SUSE that allows attackers in the local network to connect to the Dashboard API (steve) to carry out arbitrary actions.
Which software is affected by CVE-2022-21947?
CVE-2022-21947 affects SUSE Rancher Desktop versions prior to V1.2.1.
What is the severity of CVE-2022-21947?
CVE-2022-21947 has a severity rating of 8.8 (high).
How can attackers exploit CVE-2022-21947 vulnerability?
Attackers in the local network can exploit CVE-2022-21947 by connecting to the Dashboard API (steve) and carrying out arbitrary actions.
Is there a fix available for CVE-2022-21947?
Yes, the fix for CVE-2022-21947 is to upgrade to SUSE Rancher Desktop version V1.2.1 or later.
- collector/nvd-index
- agent/type
- agent/softwarecombine
- collector/mitre-cve
- source/MITRE
- agent/title
- agent/references
- agent/weakness
- agent/severity
- agent/last-modified-date
- agent/author
- agent/description
- agent/first-publish-date
- agent/tags
- agent/event
- vendor/suse
- canonical/suse rancher desktop