CVE-2022-21951

Опубликовано: 25 мая 2022

Источник: nvd

CVSS3: 6.8

CVSS2: 3.6

EPSS Низкий

Описание

A Cleartext Transmission of Sensitive Information vulnerability in SUSE Rancher, Rancher allows attackers on the network to read and change network data due to missing encryption of data transmitted via the network when a cluster is created from an RKE template with the CNI value overridden This issue affects: SUSE Rancher Rancher versions prior to 2.5.14; Rancher versions prior to 2.6.5.

Ссылки

https://bugzilla.suse.com/show_bug.cgi?id=1199443
Issue Tracking
Third Party Advisory
https://github.com/rancher/rancher/security/advisories/GHSA-vrph-m5jj-c46c
Exploit
Third Party Advisory
https://bugzilla.suse.com/show_bug.cgi?id=1199443
Issue Tracking
Third Party Advisory
https://github.com/rancher/rancher/security/advisories/GHSA-vrph-m5jj-c46c
Exploit
Third Party Advisory

Уязвимые конфигурации

Конфигурация 1

Одно из

cpe:2.3:a:suse:rancher:*:*:*:*:*:*:*:*

Версия от 2.5.0 (включая) до 2.5.14 (исключая)

cpe:2.3:a:suse:rancher:*:*:*:*:*:*:*:*

Версия от 2.6.0 (включая) до 2.6.5 (исключая)

EPSS

Процентиль: 24%

0.00082

Низкий

6.8 Medium

CVSS3

3.6 Low

CVSS2

Дефекты

CWE-319