CVE-2023-32192

HIGH

rancher/apiserver < 0.0.0-20240207153957-4fd7d821d952 - Unauthenticated Cross-Site Scripting via Public API Endpoint

Title source: llm

Description

A vulnerability has been identified in which unauthenticated cross-site scripting (XSS) in the API Server's public API endpoint can be exploited, allowing an attacker to execute arbitrary JavaScript code in the victim's browser.

Scores

CVSS v3 8.3
EPSS 0.0035
EPSS Percentile 57.4%
Attack Vector NETWORK
CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:L

CISA SSVC

Vulnrichment
Exploitation none
Automatable no
Technical Impact total

Details

CWE
CWE-80
Status published
Products (2)
rancher/apiserver 0 - 0.0.0-20240207153957-4fd7d821d952 (Go)
SUSE/apiserver < 0.0.0-20240207153957-4fd7d821d952
Published Oct 16, 2024
Tracked Since Feb 18, 2026