CVE-2022-21947

HIGH

SUSE Rancher Desktop <V. - Info Disclosure

Title source: llm

Description

A Exposure of Resource to Wrong Sphere vulnerability in Rancher Desktop of SUSE allows attackers in the local network to connect to the Dashboard API (steve) to carry out arbitrary actions. This issue affects: SUSE Rancher Desktop versions prior to V.

References (1)

[Issue Tracking, Third Party Advisory] https://bugzilla.suse.com/show_bug.cgi?id=1197491

Scores

CVSS v3 8.3

EPSS 0.0010

EPSS Percentile 26.6%

Attack Vector ADJACENT_NETWORK

CVSS:3.1/AV:A/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:L

Classification

CWE

CWE-668

Status published

Affected Products (1)

suse/rancher_desktop < 1.2.1

Timeline

Published Apr 01, 2022

Tracked Since Feb 18, 2026