CVE-2022-43755

Source
https://cve.org/CVERecord?id=CVE-2022-43755
Import Source
https://storage.googleapis.com/cve-osv-conversion/osv-output/CVE-2022-43755.json
JSON Data
https://api.osv.dev/v1/vulns/CVE-2022-43755
Aliases
Published
2023-02-07T00:00:00Z
Modified
2026-07-15T01:49:19.078533720Z
Severity
  • 7.1 (High) CVSS_V3 - CVSS:3.1/AV:N/AC:H/PR:L/UI:N/S:U/C:H/I:L/A:H CVSS Calculator
Summary
Rancher: Non-random authentication token
Details

A Insufficient Entropy vulnerability in SUSE Rancher allows attackers that gained knowledge of the cattle-token to continue abusing this even after the token was renewed. This issue affects: SUSE Rancher Rancher versions prior to 2.6.10; Rancher versions prior to 2.7.1.

Database specific
{
    "cwe_ids": [
        "CWE-331"
    ],
    "osv_generated_from": "https://github.com/CVEProject/cvelistV5/tree/main/cves/2022/43xxx/CVE-2022-43755.json",
    "unresolved_ranges": [
        {
            "extracted_events": [
                {
                    "introduced": "Rancher"
                },
                {
                    "fixed": "2.6.10"
                }
            ],
            "source": "AFFECTED_FIELD"
        }
    ],
    "cna_assigner": "suse"
}
References

Affected packages

Git / github.com/rancher/rancher

Affected ranges

Type
GIT
Repo
https://github.com/rancher/rancher
Events
Database specific
{
    "cpe": "cpe:2.3:a:suse:rancher:*:*:*:*:*:*:*:*",
    "extracted_events": [
        {
            "introduced": "2.6.0"
        },
        {
            "fixed": "2.6.10"
        },
        {
            "introduced": "2.7.0"
        },
        {
            "fixed": "2.7.1"
        }
    ],
    "source": "CPE_RANGE"
}

Affected versions

v2.*
v2.6.0
v2.6.0-rc10
v2.6.1
v2.6.1-harvester1
v2.6.1-harvester2
v2.6.1-rc1
v2.6.1-rc10
v2.6.1-rc11
v2.6.1-rc12
v2.6.1-rc13
v2.6.1-rc2
v2.6.1-rc3
v2.6.1-rc4
v2.6.1-rc5
v2.6.1-rc6
v2.6.1-rc7
v2.6.1-rc8
v2.6.1-rc9
v2.6.10-rc6
v2.6.3
v2.6.3-harvester1
v2.6.3-rc1
v2.6.3-rc10
v2.6.3-rc11
v2.6.3-rc2
v2.6.3-rc3
v2.6.3-rc4
v2.6.3-rc5
v2.6.3-rc6
v2.6.3-rc7
v2.6.3-rc8
v2.6.3-rc9
v2.6.4-alpha1
v2.6.4-alpha2
v2.6.4-alpha3
v2.6.4-rc1
v2.6.4-rc10
v2.6.4-rc11
v2.6.4-rc12
v2.6.4-rc13
v2.6.4-rc2
v2.6.4-rc3
v2.6.4-rc4
v2.6.4-rc5
v2.6.4-rc6
v2.6.4-rc8
v2.6.4-rc9
v2.6.5
v2.6.5-alpha1
v2.6.5-rc1
v2.6.5-rc10
v2.6.5-rc11
v2.6.5-rc12
v2.6.5-rc2
v2.6.5-rc3
v2.6.5-rc4
v2.6.5-rc5
v2.6.5-rc6
v2.6.5-rc8
v2.6.5-rc9
v2.6.6-rc1
v2.6.7
v2.6.7-rc1
v2.6.7-rc10
v2.6.7-rc2
v2.6.7-rc3
v2.6.7-rc4
v2.6.7-rc5
v2.6.7-rc6
v2.6.7-rc7
v2.6.7-rc8
v2.6.7-rc9
v2.6.8-rc2
v2.6.8-rc3
v2.6.9
v2.6.9-rc1
v2.6.9-rc2
v2.6.9-rc3
v2.6.9-rc4
v2.6.9-rc5
v2.6.9-rc6
v2.7.0
v2.7.0-novkdm
v2.7.1-rc4

Database specific

source
"https://storage.googleapis.com/cve-osv-conversion/osv-output/CVE-2022-43755.json"