Upstream information
Description
An Improper Neutralization of Special Elements used in an OS Command ('OS Command Injection') vulnerability in SUSE Rancher allows code execution for a user with the ability to add an untrusted Helm catalog or modify the URL configuration used to download KDM (only admin users by default). This issue affects SUSE Rancher: Rancher versions prior to 2.5.17; Rancher versions prior to 2.6.10; Rancher versions prior to 2.7.1.
SUSE information
Overall state of this security issue: Resolved
This issue is currently rated as having important severity.
| | National Vulnerability Database | SUSE |
---|---|---|
Base Score | 7.6 | 7.6 |
Vector | CVSS:3.1/AV:N/AC:H/PR:H/UI:R/S:C/C:H/I:H/A:H | CVSS:3.1/AV:N/AC:H/PR:H/UI:R/S:C/C:H/I:H/A:H |
Attack Vector | Network | Network |
Attack Complexity | High | High |
Privileges Required | High | High |
User Interaction | Required | Required |
Scope | Changed | Changed |
Confidentiality Impact | High | High |
Integrity Impact | High | High |
Availability Impact | High | High |
CVSSv3 Version | 3.1 | 3.1 |
SUSE Security Advisories:
- GHSA-34p5-jp77-fcrc, published Wed Jan 25 04:42:12 CET 2023
SUSE Timeline for this CVE
CVE page created: Thu Nov 10 16:30:14 2022
CVE page last modified: Thu Feb 9 14:30:51 2023