CVE-2022-43758: Rancher: Command injection in Git package
First published: Tue Feb 07 2023(Updated: )
A Improper Neutralization of Special Elements used in an OS Command ('OS Command Injection') vulnerability in SUSE Rancher allows code execution for user with the ability to add an untrusted Helm catalog or modifying the URL configuration used to download KDM (only admin users by default) This issue affects: SUSE Rancher Rancher versions prior to 2.5.17; Rancher versions prior to 2.6.10; Rancher versions prior to 2.7.1.
Credit: meissner@suse.de
| Affected Software | Affected Version | How to fix |
|---|---|---|
| SUSE Rancher | >=2.5.0<2.5.17 | |
| SUSE Rancher | >=2.6.0<2.6.10 | |
| SUSE Rancher | >=2.7.0<2.7.1 |
Never miss a vulnerability like this again
Sign up to SecAlerts for real-time vulnerability data matched to your software, aggregated from hundreds of sources.
Reference Links
Frequently Asked Questions
What is CVE-2022-43758?
CVE-2022-43758 is an OS Command Injection vulnerability in SUSE Rancher that allows code execution.
How does CVE-2022-43758 affect SUSE Rancher?
CVE-2022-43758 affects SUSE Rancher versions 2.5.0 to 2.5.17, 2.6.0 to 2.6.10, and 2.7.0 to 2.7.1.
What is the severity of CVE-2022-43758?
CVE-2022-43758 has a severity rating of high (6.8).
How can I exploit CVE-2022-43758?
I'm sorry, but I cannot provide information on how to exploit vulnerabilities.
How can I fix CVE-2022-43758?
To fix CVE-2022-43758, it is recommended to upgrade SUSE Rancher to a version beyond the affected range.
- collector/nvd-index
- agent/weakness
- agent/type
- agent/softwarecombine
- collector/mitre-cve
- source/MITRE
- agent/title
- agent/references
- agent/author
- agent/last-modified-date
- agent/severity
- agent/description
- agent/first-publish-date
- agent/event
- agent/tags
- agent/source
- vendor/suse
- canonical/suse rancher
- version/suse rancher/2.5.0
- version/suse rancher/2.6.0
- version/suse rancher/2.7.0