CVE-2022-31249
HIGH
SUSE Rancher <0.7.3, <0.8.4, <1.0.0 - Command Injection
Title source: llmDescription
An Improper Neutralization of Special Elements used in an OS Command ('OS Command Injection') vulnerability in wrangler of SUSE Rancher allows remote attackers to inject commands in the underlying host via crafted commands passed to Wrangler. This issue affects: SUSE Rancher wrangler version 0.7.3 and prior versions; wrangler version 0.8.4 and prior versions; wrangler version 1.0.0 and prior versions.
References (1)
Core References
Issue Tracking
https://bugzilla.suse.com/show_bug.cgi?id=1200299
Scores
CVSS v3
7.5
EPSS
0.0122
EPSS Percentile
79.3%
Attack Vector
NETWORK
CVSS:3.1/AV:N/AC:H/PR:L/UI:N/S:U/C:H/I:H/A:H
CISA SSVC
Vulnrichment
Exploitation
none
Automatable
no
Technical Impact
total
Details
CWE
CWE-78
Status
published
Products (3)
rancher/wrangler
0 - 0.7.4-security1
Go
suse/wrangler
1.0.0
suse/wrangler
< 0.7.4
Published
Feb 07, 2023
Tracked Since
Feb 18, 2026