What is CVE-2022-43760?

CVE-2022-43760 is an Improper Neutralization of Input During Web Page Generation (Cross-site Scripting) vulnerability in SUSE Rancher that allows users in some higher-privileged groups to inject code that is executed within another user's browser, potentially leading to information theft and web manipulation.

Which software is affected by CVE-2022-43760?

The affected software is SUSE Rancher, versions 2.6.0 to 2.6.13 and versions 2.7.0 to 2.7.4.

What is the severity of CVE-2022-43760?

The severity of CVE-2022-43760 is high, with a CVSS score of 8.4.

How can an attacker exploit CVE-2022-43760?

An attacker with higher privileges can inject malicious code that is executed in another user's browser, leading to potential information theft and web manipulation.

Is there a fix available for CVE-2022-43760?

Yes, for SUSE Rancher, upgrading to versions 2.6.14 or higher, or versions 2.7.5 or higher, will address the vulnerability.

Vulnerability/
CVE-2022-43760

high

8.4

CWE

1/6/2023

8/6/2023

CVE-2022-43760: XSS

First published: Thu Jun 01 2023(Updated: )

An Improper Neutralization of Input During Web Page Generation ('Cross-site Scripting') vulnerability in SUSE Rancher allows users in some higher-privileged groups to to inject code that is executed within another user's browser, allowing the attacker to steal sensitive information, manipulate web content, or perform other malicious activities on behalf of the victims. This could result in a user with write access to the affected areas being able to act on behalf of an administrator, once an administrator opens the affected web page. This issue affects Rancher: from >= 2.6.0 before < 2.6.13, from >= 2.7.0 before < 2.7.4.

Credit: meissner@suse.de

Affected Software	Affected Version	How to fix
SUSE Rancher	>=2.6.0<2.6.13
SUSE Rancher	>=2.7.0<2.7.4

Never miss a vulnerability like this again

Reference Links

Frequently Asked Questions

What is CVE-2022-43760?
CVE-2022-43760 is an Improper Neutralization of Input During Web Page Generation (Cross-site Scripting) vulnerability in SUSE Rancher that allows users in some higher-privileged groups to inject code that is executed within another user's browser, potentially leading to information theft and web manipulation.
Which software is affected by CVE-2022-43760?
The affected software is SUSE Rancher, versions 2.6.0 to 2.6.13 and versions 2.7.0 to 2.7.4.
What is the severity of CVE-2022-43760?
The severity of CVE-2022-43760 is high, with a CVSS score of 8.4.
How can an attacker exploit CVE-2022-43760?
An attacker with higher privileges can inject malicious code that is executed in another user's browser, leading to potential information theft and web manipulation.
Is there a fix available for CVE-2022-43760?
Yes, for SUSE Rancher, upgrading to versions 2.6.14 or higher, or versions 2.7.5 or higher, will address the vulnerability.

agent/author
agent/description
agent/event
agent/first-publish-date
agent/last-modified-date
agent/references
agent/severity
agent/softwarecombine
agent/tags
agent/type
agent/weakness
collector/nvd-index
collector/nvd-latest
vendor/suse
canonical/suse rancher
version/suse rancher/2.6.0
version/suse rancher/2.7.0

Company

Resources

Contact

SecAlerts Pty Ltd.
132 Wickham Terrace
Fortitude Valley,
QLD 4006, Australia
info@secalerts.co

By using SecAlerts services, you agree to our services end-user license agreement. This website is safeguarded by reCAPTCHA and governed by the Google Privacy Policy and Terms of Service. All names, logos, and brands of products are owned by their respective owners, and any usage of these names, logos, and brands for identification purposes only does not imply endorsement. If you possess any content that requires removal, please get in touch with us.