CVE-2022-43758
HIGH
SUSE Rancher <2.5.17, <2.6.10, <2.7.1 - Command Injection
Title source: llmDescription
An Improper Neutralization of Special Elements used in an OS Command ('OS Command Injection') vulnerability in SUSE Rancher allows code execution for users with the ability to add an untrusted Helm catalog or modify the URL configuration used to download KDM (only admin users by default). This issue affects SUSE Rancher: Rancher versions prior to 2.5.17; Rancher versions prior to 2.6.10; Rancher versions prior to 2.7.1.
References (1)
Core References
Issue Tracking
https://bugzilla.suse.com/show_bug.cgi?id=1205294
Scores
CVSS v3
7.6
EPSS
0.0076
EPSS Percentile
73.5%
Attack Vector
NETWORK
CVSS:3.1/AV:N/AC:H/PR:H/UI:R/S:C/C:H/I:H/A:H
CISA SSVC
Vulnrichment
Exploitation
none
Automatable
no
Technical Impact
total
Details
CWE
CWE-78
Status
published
Products (2)
rancher/rancher
2.5.0 - 2.5.17 (Go)
suse/rancher
2.5.0 - 2.5.17
Published
Feb 07, 2023
Tracked Since
Feb 18, 2026