CVE-2022-31249: OS Command Injection
First published: Tue Feb 07 2023(Updated: )
A Improper Neutralization of Special Elements used in an OS Command ('OS Command Injection') vulnerability in wrangler of SUSE Rancher allows remote attackers to inject commands in the underlying host via crafted commands passed to Wrangler. This issue affects: SUSE Rancher wrangler version 0.7.3 and prior versions; wrangler version 0.8.4 and prior versions; wrangler version 1.0.0 and prior versions.
Credit: meissner@suse.de
| Affected Software | Affected Version | How to fix |
|---|---|---|
| Suse Wrangler | <0.7.4 | |
| Suse Wrangler | >=0.8.0<0.8.5 | |
| Suse Wrangler | =1.0.0 |
Never miss a vulnerability like this again
Sign up to SecAlerts for real-time vulnerability data matched to your software, aggregated from hundreds of sources.
Reference Links
Frequently Asked Questions
What is the vulnerability ID for this vulnerability?
The vulnerability ID is CVE-2022-31249.
What is the severity of CVE-2022-31249?
The severity of CVE-2022-31249 is critical, with a severity value of 9.8.
Which software is affected by CVE-2022-31249?
The SUSE Rancher wrangler software versions 0.7.3 up to, but excluding, 0.7.4, versions 0.8.0 up to, but excluding, 0.8.5, and version 1.0.0 are affected by CVE-2022-31249.
What is the vulnerability description for CVE-2022-31249?
CVE-2022-31249 is an OS Command Injection vulnerability in SUSE Rancher's wrangler allowing remote attackers to inject commands in the underlying host via crafted commands passed to Wrangler.
How can the CVE-2022-31249 vulnerability be fixed?
To fix CVE-2022-31249, users should update their SUSE Rancher wrangler software to version 0.7.4, 0.8.5, or 1.0.0, depending on the affected version.
- agent/author
- agent/description
- agent/event
- agent/last-modified-date
- agent/references
- agent/severity
- agent/softwarecombine
- agent/tags
- agent/type
- agent/weakness
- collector/nvd-index
- vendor/suse
- canonical/suse wrangler
- version/suse wrangler/0.8.0
- version/suse wrangler/1.0.0