CVE-2022-45157

Source
https://cve.org/CVERecord?id=CVE-2022-45157
Import Source
https://storage.googleapis.com/cve-osv-conversion/osv-output/CVE-2022-45157.json
JSON Data
https://api.osv.dev/v1/vulns/CVE-2022-45157
Aliases
Downstream
Related
Published
2024-11-13T13:39:10.338Z
Modified
2026-07-15T01:48:56.093562544Z
Severity
  • 8.5 (High) CVSS_V4 - CVSS:4.0/AV:N/AC:L/AT:N/PR:L/UI:N/VC:H/VI:L/VA:L/SC:H/SI:L/SA:L CVSS Calculator
Summary
Exposure of vSphere's CPI and CSI credentials in Rancher
Details

A vulnerability has been identified in the way that Rancher stores vSphere's CPI (Cloud Provider Interface) and CSI (Container Storage Interface) credentials used to deploy clusters through the vSphere cloud provider. This issue leads to the vSphere CPI and CSI passwords being stored in a plaintext object inside Rancher. This vulnerability is only applicable to users that deploy clusters in vSphere environments.

Database specific
{
    "cwe_ids": [
        "CWE-522"
    ],
    "osv_generated_from": "https://github.com/CVEProject/cvelistV5/tree/main/cves/2022/45xxx/CVE-2022-45157.json",
    "cna_assigner": "suse"
}
References

Affected packages

Git / github.com/rancher/rancher

Affected ranges

Type
GIT
Repo
https://github.com/rancher/rancher
Events
Database specific
{
    "extracted_events": [
        {
            "introduced": "2.9.0"
        },
        {
            "fixed": "2.9.3"
        },
        {
            "introduced": "2.7.0"
        },
        {
            "fixed": "2.8.9"
        }
    ],
    "source": "AFFECTED_FIELD"
}

Affected versions

v2.*
v2.7.0
v2.7.0-novkdm
v2.7.2
v2.7.2-rc1
v2.7.2-rc10
v2.7.2-rc2
v2.7.2-rc3
v2.7.2-rc4
v2.7.2-rc5
v2.7.2-rc6
v2.7.2-rc7
v2.7.2-rc8
v2.7.2-rc9
v2.7.5
v2.7.5-rc1
v2.7.5-rc2
v2.7.5-rc3
v2.7.5-rc4
v2.7.5-rc5
v2.7.5-rc6
v2.7.7-rc1
v2.7.7-rc2
v2.8.0
v2.8.0-alpha1
v2.8.0-alpha2
v2.8.0-rc1
v2.8.0-rc2
v2.8.0-rc3
v2.8.0-rc4
v2.8.0-rc5
v2.8.3
v2.8.3-alpha1
v2.8.3-alpha2
v2.8.3-rc1
v2.8.3-rc2
v2.8.3-rc3
v2.8.3-rc4
v2.8.3-rc5
v2.8.3-rc6
v2.8.3-rc7
v2.8.3-rc8
v2.8.4
v2.8.4-alpha1
v2.8.4-rc1
v2.8.4-rc2
v2.8.4-rc3
v2.8.4-rc4
v2.8.4-rc5
v2.8.6
v2.8.6-alpha1
v2.8.6-alpha2
v2.8.6-alpha3
v2.8.6-alpha4
v2.8.6-alpha5
v2.8.6-alpha6
v2.8.6-rc1
v2.8.6-rc2
v2.8.6-rc3
v2.8.6-rc4
v2.8.7
v2.8.7-rc1
v2.8.7-rc10
v2.8.7-rc2
v2.8.7-rc3
v2.8.7-rc4
v2.8.7-rc5
v2.8.7-rc6
v2.8.7-rc7
v2.8.7-rc8
v2.8.7-rc9
v2.8.8
v2.8.8-alpha1
v2.8.8-alpha2
v2.8.8-rc1
v2.8.9-alpha1
v2.8.9-alpha10
v2.8.9-alpha2
v2.8.9-alpha3
v2.8.9-alpha4
v2.8.9-alpha5
v2.8.9-alpha6
v2.8.9-alpha8
v2.8.9-alpha9
v2.8.9-rc1
v2.8.9-rc2
v2.9.0
v2.9.0-rc6
v2.9.1
v2.9.1-alpha1
v2.9.1-alpha2
v2.9.1-rc1
v2.9.1-rc2
v2.9.1-rc3
v2.9.1-rc4
v2.9.1-rc5
v2.9.1-rc6
v2.9.2
v2.9.2-alpha1
v2.9.2-alpha2
v2.9.2-alpha3
v2.9.2-alpha4
v2.9.2-alpha5
v2.9.2-alpha6
v2.9.2-alpha7
v2.9.2-rc1
v2.9.3-alpha1
v2.9.3-alpha2
v2.9.3-alpha3
v2.9.3-alpha4
v2.9.3-alpha5
v2.9.3-alpha6
v2.9.3-alpha7
v2.9.3-rc1
v2.9.3-rc2

Database specific

source
"https://storage.googleapis.com/cve-osv-conversion/osv-output/CVE-2022-45157.json"