Vulnerability Description
An Improper Neutralization of Input During Web Page Generation ('Cross-site Scripting') vulnerability in SUSE Rancher allows users in some higher-privileged groups to to inject code that is executed within another user's browser, allowing the attacker to steal sensitive information, manipulate web content, or perform other malicious activities on behalf of the victims. This could result in a user with write access to the affected areas being able to act on behalf of an administrator, once an administrator opens the affected web page. This issue affects Rancher: from >= 2.6.0 before < 2.6.13, from >= 2.7.0 before < 2.7.4.
CVSS Score
HIGH
Affected Products
| Vendor | Product | Versions |
|---|---|---|
| Suse | Rancher | >= 2.6.0, < 2.6.13 |
Related Weaknesses (CWE)
References
- https://bugzilla.suse.com/show_bug.cgi?id=CVE-2022-43760Issue TrackingVendor Advisory
- https://github.com/rancher/rancher/security/advisories/GHSA-46v3-ggjg-qq3xVendor Advisory
- https://bugzilla.suse.com/show_bug.cgi?id=CVE-2022-43760Issue TrackingVendor Advisory
- https://github.com/rancher/rancher/security/advisories/GHSA-46v3-ggjg-qq3xVendor Advisory
FAQ
What is CVE-2022-43760?
CVE-2022-43760 is a vulnerability with a CVSS score of 8.4 (HIGH). An Improper Neutralization of Input During Web Page Generation ('Cross-site Scripting') vulnerability in SUSE Rancher allows users in some higher-privileged groups to to inject code that is executed ...
How severe is CVE-2022-43760?
CVE-2022-43760 has been rated HIGH with a CVSS base score of 8.4/10. Review the CVSS metrics above for detailed severity breakdown.
Is there a patch for CVE-2022-43760?
Check the references section above for vendor advisories and patch information. Affected products include: Suse Rancher.