1. Home
  2. CVE Database
  3. CVE-2022-21951
MEDIUM · 6.8

CVE-2022-21951

A Cleartext Transmission of Sensitive Information vulnerability in SUSE Rancher, Rancher allows attackers on the network to read and change network data due to missing encryption of data transmitted v...

Vulnerability Description

A Cleartext Transmission of Sensitive Information vulnerability in SUSE Rancher, Rancher allows attackers on the network to read and change network data due to missing encryption of data transmitted via the network when a cluster is created from an RKE template with the CNI value overridden This issue affects: SUSE Rancher Rancher versions prior to 2.5.14; Rancher versions prior to 2.6.5.

CVSS Score

6.8

MEDIUM

CVSS:3.1/AV:N/AC:H/PR:L/UI:N/S:U/C:H/I:H/A:N
Attack Vector
NETWORK
Attack Complexity
HIGH
Privileges Required
LOW
User Interaction
NONE
Scope
UNCHANGED
Confidentiality
HIGH
Integrity
HIGH
Availability
NONE

Affected Products

VendorProductVersions
SuseRancher>= 2.5.0, < 2.5.14

Related Weaknesses (CWE)

CWE-319

References

FAQ

What is CVE-2022-21951?

CVE-2022-21951 is a vulnerability with a CVSS score of 6.8 (MEDIUM). A Cleartext Transmission of Sensitive Information vulnerability in SUSE Rancher, Rancher allows attackers on the network to read and change network data due to missing encryption of data transmitted v...

How severe is CVE-2022-21951?

CVE-2022-21951 has been rated MEDIUM with a CVSS base score of 6.8/10. Review the CVSS metrics above for detailed severity breakdown.

Is there a patch for CVE-2022-21951?

Check the references section above for vendor advisories and patch information. Affected products include: Suse Rancher.