CVE-2022-45157 — CRITICAL (9.1)

Vulnerability Description

A vulnerability has been identified in the way that Rancher stores vSphere's CPI (Cloud Provider Interface) and CSI (Container Storage Interface) credentials used to deploy clusters through the vSphere cloud provider. This issue leads to the vSphere CPI and CSI passwords being stored in a plaintext object inside Rancher. This vulnerability is only applicable to users that deploy clusters in vSphere environments.

CVSS Score

9.1

CRITICAL

CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:C/C:H/I:L/A:L

Attack Vector

NETWORK

Attack Complexity

LOW

Privileges Required

LOW

User Interaction

NONE

Scope

CHANGED

Confidentiality

HIGH

Integrity

LOW

Availability

LOW

Related Weaknesses (CWE)

CWE-522

References

FAQ

What is CVE-2022-45157?

CVE-2022-45157 is a vulnerability with a CVSS score of 9.1 (CRITICAL). A vulnerability has been identified in the way that Rancher stores vSphere's CPI (Cloud Provider Interface) and CSI (Container Storage Interface) credentials used to deploy clusters through the vSpher...

How severe is CVE-2022-45157?

CVE-2022-45157 has been rated CRITICAL with a CVSS base score of 9.1/10. This is considered a critical vulnerability requiring immediate attention.

Is there a patch for CVE-2022-45157?

Check the references section above for vendor advisories and patch information. Review vendor security bulletins for remediation guidance.