First published: Thu Jun 01 2023(Updated: )
An Improper Neutralization of Input During Web Page Generation ('Cross-site Scripting') vulnerability in SUSE Rancher allows users in some higher-privileged groups to to inject code that is executed within another user's browser, allowing the attacker to steal sensitive information, manipulate web content, or perform other malicious activities on behalf of the victims. This could result in a user with write access to the affected areas being able to act on behalf of an administrator, once an administrator opens the affected web page. This issue affects Rancher: from >= 2.6.0 before < 2.6.13, from >= 2.7.0 before < 2.7.4.
Credit: meissner@suse.de
Affected Software | Affected Version | How to fix |
---|---|---|
SUSE Rancher | >=2.6.0<2.6.13 | |
SUSE Rancher | >=2.7.0<2.7.4 |
Sign up to SecAlerts for real-time vulnerability data matched to your software, aggregated from hundreds of sources.
CVE-2022-43760 is an Improper Neutralization of Input During Web Page Generation (Cross-site Scripting) vulnerability in SUSE Rancher that allows users in some higher-privileged groups to inject code that is executed within another user's browser, potentially leading to information theft and web manipulation.
The affected software is SUSE Rancher, versions 2.6.0 to 2.6.13 and versions 2.7.0 to 2.7.4.
The severity of CVE-2022-43760 is high, with a CVSS score of 8.4.
An attacker with higher privileges can inject malicious code that is executed in another user's browser, leading to potential information theft and web manipulation.
Yes, for SUSE Rancher, upgrading to versions 2.6.14 or higher, or versions 2.7.5 or higher, will address the vulnerability.