Description
A Exposure of Resource to Wrong Sphere vulnerability in Rancher Desktop of SUSE allows attackers in the local network to connect to the Dashboard API (steve) to carry out arbitrary actions. This issue affects: SUSE Rancher Desktop versions prior to V.
References (1)
Core 1
Core References
Issue Tracking, Third Party Advisory
https://bugzilla.suse.com/show_bug.cgi?id=1197491
Scores
CVSS v3
8.3
EPSS
0.0010
EPSS Percentile
26.3%
Attack Vector
ADJACENT_NETWORK
CVSS:3.1/AV:A/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:L
Details
CWE
CWE-668
Status
published
Products (1)
suse/rancher_desktop
< 1.2.1
Published
Apr 01, 2022
Tracked Since
Feb 18, 2026