Upstream information

CVE-2022-21953 at MITRE

Description

A Missing Authorization vulnerability in of SUSE Rancher allows authenticated user to create an unauthorized shell pod and kubectl access in the local cluster This issue affects: SUSE Rancher Rancher versions prior to 2.5.17; Rancher versions prior to 2.6.10; Rancher versions prior to 2.7.1.

SUSE information

Overall state of this security issue: Resolved

This issue is currently rated as having important severity.

CVSS v3 Scores
  National Vulnerability Database SUSE
Base Score 7.4 7.4
Vector CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:C/C:L/I:L/A:L CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:C/C:L/I:L/A:L
Attack Vector Network Network
Attack Complexity Low Low
Privileges Required Low Low
User Interaction None None
Scope Changed Changed
Confidentiality Impact Low Low
Integrity Impact Low Low
Availability Impact Low Low
CVSSv3 Version 3.1 3.1
SUSE Bugzilla entry: 1199731 [RESOLVED / FIXED]

SUSE Security Advisories:


SUSE Timeline for this CVE

CVE page created: Thu May 19 18:00:31 2022
CVE page last modified: Thu Feb 9 14:24:11 2023