CVE-2022-31249

Source
https://cve.org/CVERecord?id=CVE-2022-31249
Import Source
https://storage.googleapis.com/cve-osv-conversion/osv-output/CVE-2022-31249.json
JSON Data
https://api.osv.dev/v1/vulns/CVE-2022-31249
Aliases
Published
2023-02-07T00:00:00Z
Modified
2026-07-08T06:01:50.003184761Z
Severity
  • 7.5 (High) CVSS_V3 - CVSS:3.1/AV:N/AC:H/PR:L/UI:N/S:U/C:H/I:H/A:H CVSS Calculator
Summary
[RANCHER] OS command injection in Rancher and Fleet
Details

A Improper Neutralization of Special Elements used in an OS Command ('OS Command Injection') vulnerability in wrangler of SUSE Rancher allows remote attackers to inject commands in the underlying host via crafted commands passed to Wrangler. This issue affects: SUSE Rancher wrangler version 0.7.3 and prior versions; wrangler version 0.8.4 and prior versions; wrangler version 1.0.0 and prior versions.

Database specific
{
    "osv_generated_from": "https://github.com/CVEProject/cvelistV5/tree/main/cves/2022/31xxx/CVE-2022-31249.json",
    "cna_assigner": "suse",
    "cwe_ids": [
        "CWE-78"
    ],
    "unresolved_ranges": [
        {
            "extracted_events": [
                {
                    "introduced": "wrangler"
                },
                {
                    "last_affected": "0.7.3"
                }
            ],
            "source": "AFFECTED_FIELD"
        }
    ]
}
References

Affected packages

Git / github.com/rancher/wrangler

Affected ranges

Type
GIT
Repo
https://github.com/rancher/wrangler
Events
Introduced
0 Unknown introduced commit / All previous commits are affected
Fixed
Introduced
Fixed
Introduced
Database specific
{
    "cpe": [
        "cpe:2.3:a:suse:wrangler:*:*:*:*:*:*:*:*",
        "cpe:2.3:a:suse:wrangler:1.0.0:*:*:*:*:*:*:*"
    ],
    "source": [
        "CPE_RANGE",
        "CPE_STRING"
    ],
    "extracted_events": [
        {
            "introduced": "0"
        },
        {
            "fixed": "0.7.4"
        },
        {
            "introduced": "0.8.0"
        },
        {
            "fixed": "0.8.5"
        },
        {
            "introduced": "1.0.0"
        },
        {
            "last_affected": "1.0.0"
        }
    ]
}

Affected versions

1.*
1.0.0
v0.*
v0.1.0
v0.1.1
v0.1.2
v0.1.3
v0.1.4
v0.1.5
v0.1.6
v0.2.0
v0.3.0
v0.3.1
v0.4.0
v0.4.1
v0.5.0
v0.5.1
v0.5.2
v0.5.3
v0.6.0
v0.6.1
v0.7.0
v0.7.1
v0.7.2
v0.8.0
v0.8.1
v0.8.2
v0.8.3
v0.8.4

Database specific

source
"https://storage.googleapis.com/cve-osv-conversion/osv-output/CVE-2022-31249.json"