CVE-2022-21953

See a problem?
Please try reporting it to the source first.

Source

https://cve.org/CVERecord?id=CVE-2022-21953

Import Source

https://storage.googleapis.com/cve-osv-conversion/osv-output/CVE-2022-21953.json

JSON Data

https://api.osv.dev/v1/vulns/CVE-2022-21953

Aliases

GHSA-g25r-gvq3-wrq7

Published

2023-02-07T13:15:09.437Z

Modified

2026-04-10T04:44:16.449898Z

Severity

8.8 (High) CVSS_V3 - CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H CVSS Calculator

Summary

[none]

Details

A Missing Authorization vulnerability in of SUSE Rancher allows authenticated user to create an unauthorized shell pod and kubectl access in the local cluster This issue affects: SUSE Rancher Rancher versions prior to 2.5.17; Rancher versions prior to 2.6.10; Rancher versions prior to 2.7.1.

References

https://bugzilla.suse.com/show_bug.cgi?id=1199731

Affected packages

Git / github.com/rancher/rancher

Affected ranges

Type

GIT

Repo

https://github.com/rancher/rancher

Events

Introduced

65f3525cdc1167872af4140d45f3153698450c52

Fixed

8bcacfeafe7c8b7696318c1eb739247258e83238

Introduced

df2432ad895c9d6be0e47e0d6d62a4c3dc8f08e5

Fixed

2207cfed180315c015223c07ba4462888b8acf9f

Introduced

ce9a7aea4b13fed7acd02cc32667b2ae72f98f5a

Fixed

bb1c35fc4258ada8829c187ca17fe28a6e61da4d

Database specific

{
    "versions": [
        {
            "introduced": "2.5.0"
        },
        {
            "fixed": "2.5.17"
        },
        {
            "introduced": "2.6.0"
        },
        {
            "fixed": "2.6.10"
        },
        {
            "introduced": "2.7.0"
        },
        {
            "fixed": "2.7.1"
        }
    ]
}

Affected versions

v2.*

v2.5.0

v2.5.0-rc9

v2.5.1

v2.5.1-rc1

v2.5.10

v2.5.10-rc1

v2.5.10-rc2

v2.5.10-rc3

v2.5.10-rc4

v2.5.10-rc5

v2.5.10-rc6

v2.5.10-rc7

v2.5.12

v2.5.12-rc1

v2.5.12-rc2

v2.5.12-rc3

v2.5.12-rc4

v2.5.12-rc5

v2.5.12-rc6

v2.5.12-rc7

v2.5.12-rc8

v2.5.13

v2.5.13-rc1

v2.5.13-rc2

v2.5.13-rc3

v2.5.13-rc4

v2.5.14

v2.5.14-rc1

v2.5.14-rc2

v2.5.16

v2.5.16-rc1

v2.5.16-rc2

v2.5.16-rc3

v2.5.16-rc4

v2.5.2

v2.5.2-rc

v2.5.2-rc1

v2.5.2-rc10

v2.5.2-rc2

v2.5.2-rc3

v2.5.2-rc4

v2.5.2-rc5

v2.5.2-rc6

v2.5.2-rc7

v2.5.2-rc8

v2.5.2-rc9

v2.5.4

v2.5.4-rc1

v2.5.4-rc2

v2.5.4-rc3

v2.5.4-rc4

v2.5.4-rc5

v2.5.4-rc6

v2.5.4-rc7

v2.5.4-rc8

v2.5.4-rc9

v2.5.6

v2.5.6-rc1

v2.5.6-rc2

v2.5.6-rc3

v2.5.6-rc4

v2.5.6-rc5

v2.5.6-rc6

v2.5.6-rc7

v2.5.6-rc8

v2.5.6-rc9

v2.5.8

v2.5.8-rc10

v2.5.8-rc11

v2.5.8-rc12

v2.5.8-rc13

v2.5.8-rc14

v2.5.8-rc15

v2.5.8-rc16

v2.5.8-rc17

v2.5.8-rc18

v2.5.8-rc19

v2.5.8-rc2

v2.5.8-rc20

v2.5.8-rc21

v2.5.8-rc3

v2.5.8-rc4

v2.5.8-rc5

v2.5.8-rc6

v2.5.8-rc7

v2.5.8-rc8

v2.5.8-rc9

v2.6.0

v2.6.0-rc10

v2.6.1

v2.6.1-harvester1

v2.6.1-harvester2

v2.6.1-rc1

v2.6.1-rc10

v2.6.1-rc11

v2.6.1-rc12

v2.6.1-rc13

v2.6.1-rc2

v2.6.1-rc3

v2.6.1-rc4

v2.6.1-rc5

v2.6.1-rc6

v2.6.1-rc7

v2.6.1-rc8

v2.6.1-rc9

v2.6.10-rc6

v2.6.3

v2.6.3-harvester1

v2.6.3-rc1

v2.6.3-rc10

v2.6.3-rc11

v2.6.3-rc2

v2.6.3-rc3

v2.6.3-rc4

v2.6.3-rc5

v2.6.3-rc6

v2.6.3-rc7

v2.6.3-rc8

v2.6.3-rc9

v2.6.4-alpha1

v2.6.4-alpha2

v2.6.4-alpha3

v2.6.4-rc1

v2.6.4-rc10

v2.6.4-rc11

v2.6.4-rc12

v2.6.4-rc13

v2.6.4-rc2

v2.6.4-rc3

v2.6.4-rc4

v2.6.4-rc5

v2.6.4-rc6

v2.6.4-rc8

v2.6.4-rc9

v2.6.5

v2.6.5-alpha1

v2.6.5-rc1

v2.6.5-rc10

v2.6.5-rc11

v2.6.5-rc12

v2.6.5-rc2

v2.6.5-rc3

v2.6.5-rc4

v2.6.5-rc5

v2.6.5-rc6

v2.6.5-rc8

v2.6.5-rc9

v2.6.6-rc1

v2.6.7

v2.6.7-rc1

v2.6.7-rc10

v2.6.7-rc2

v2.6.7-rc3

v2.6.7-rc4

v2.6.7-rc5

v2.6.7-rc6

v2.6.7-rc7

v2.6.7-rc8

v2.6.7-rc9

v2.6.8-rc2

v2.6.8-rc3

v2.6.9

v2.6.9-rc1

v2.6.9-rc2

v2.6.9-rc3

v2.6.9-rc4

v2.6.9-rc5

v2.6.9-rc6

v2.7.0

v2.7.0-novkdm

v2.7.1-rc4

Database specific

source

"https://storage.googleapis.com/cve-osv-conversion/osv-output/CVE-2022-21953.json"