CVE-2022-21953: Authenticated user can gain unauthorized shell pod and kubectl access in the local cluster
First published: Tue Feb 07 2023(Updated: )
A Missing Authorization vulnerability in of SUSE Rancher allows authenticated user to create an unauthorized shell pod and kubectl access in the local cluster This issue affects: SUSE Rancher Rancher versions prior to 2.5.17; Rancher versions prior to 2.6.10; Rancher versions prior to 2.7.1.
Credit: meissner@suse.de
| Affected Software | Affected Version | How to fix |
|---|---|---|
| SUSE Rancher | >=2.5.0<2.5.17 | |
| SUSE Rancher | >=2.6.0<2.6.10 | |
| SUSE Rancher | >=2.7.0<2.7.1 |
Never miss a vulnerability like this again
Sign up to SecAlerts for real-time vulnerability data matched to your software, aggregated from hundreds of sources.
Reference Links
Frequently Asked Questions
What is the vulnerability ID for this issue?
The vulnerability ID for this issue is CVE-2022-21953.
What is the severity of CVE-2022-21953?
CVE-2022-21953 has a severity of 8.8, which is considered high.
What is the affected software for CVE-2022-21953?
The affected software for CVE-2022-21953 is SUSE Rancher versions prior to 2.5.17, Rancher versions prior to 2.6.10, and Rancher versions prior to 2.7.1.
How does the vulnerability CVE-2022-21953 manifest?
The vulnerability CVE-2022-21953 allows an authenticated user to create an unauthorized shell pod and gain kubectl access in the local cluster.
Is there a fix available for CVE-2022-21953?
Yes, please update your SUSE Rancher version to 2.5.17, 2.6.10, or 2.7.1 to fix CVE-2022-21953.
- collector/nvd-index
- agent/type
- agent/softwarecombine
- collector/mitre-cve
- source/MITRE
- agent/title
- agent/references
- agent/weakness
- agent/severity
- agent/last-modified-date
- agent/author
- agent/description
- agent/first-publish-date
- agent/tags
- agent/event
- vendor/suse
- canonical/suse rancher
- version/suse rancher/2.5.0
- version/suse rancher/2.6.0
- version/suse rancher/2.7.0