CVE-2022-21947

See a problem?
Please try reporting it to the source first.

Source

https://nvd.nist.gov/vuln/detail/CVE-2022-21947

Import Source

https://storage.googleapis.com/cve-osv-conversion/osv-output/CVE-2022-21947.json

JSON Data

https://api.osv.dev/v1/vulns/CVE-2022-21947

Published

2022-04-01T07:15:07Z

Modified

2025-01-14T10:45:34.959021Z

Severity

8.8 (High) CVSS_V3 - CVSS:3.1/AV:A/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H CVSS Calculator

Summary

[none]

Details

A Exposure of Resource to Wrong Sphere vulnerability in Rancher Desktop of SUSE allows attackers in the local network to connect to the Dashboard API (steve) to carry out arbitrary actions. This issue affects: SUSE Rancher Desktop versions prior to V.

References

https://bugzilla.suse.com/show_bug.cgi?id=1197491

Affected packages

Git / github.com/rancher-sandbox/rancher-desktop

Affected ranges

Type: GIT
Repo: https://github.com/rancher-sandbox/rancher-desktop
Events: Introduced

0 Unknown introduced commit / All previous commits are affected

Fixed

97d211bc11adb8ad281ef792d8bbc58b56c7123b

Affected versions

v0.*

v0.1.0

v0.2.0

v0.2.1

v0.3.0

v0.4.0

v0.4.1

v0.5.0

v0.6.0

v0.7.0

v0.7.0-beta.1

v1.*

v1.0.0

v1.0.0-beta.1

v1.1.0

v1.2.0