CVE-2022-21951
Rancher: Weave CNI password is not set if RKE template is used with CNI value overridden
Severity Score
Exploit Likelihood
Affected Versions
Public Exploits
1Exploited in Wild
-Decision
Descriptions
A Cleartext Transmission of Sensitive Information vulnerability in SUSE Rancher, Rancher allows attackers on the network to read and change network data due to missing encryption of data transmitted via the network when a cluster is created from an RKE template with the CNI value overridden This issue affects: SUSE Rancher Rancher versions prior to 2.5.14; Rancher versions prior to 2.6.5.
Una vulnerabilidad de Falta de Cifrado de Datos Confidenciales en SUSE Rancher, Rancher permite a atacantes en la red leer y cambiar los datos de la red debido a una falta de cifrado de los datos transmitidos por medio de la red cuando es creado un clúster desde una plantilla RKE con el valor CNI anulado Este problema afecta: SUSE Rancher Versiones anteriores a 2.5.14; Rancher versiones anteriores a la 2.6.5
CVSS Scores
SSVC
- Decision:-
Timeline
- 2021-12-16 CVE Reserved
- 2022-05-25 CVE Published
- 2023-12-16 EPSS Updated
- 2024-09-16 CVE Updated
- 2024-09-16 First Exploit
- ---------- Exploited in Wild
- ---------- KEV Due Date
CWE
- CWE-319: Cleartext Transmission of Sensitive Information
CAPEC
References (2)
URL | Tag | Source |
---|---|---|
https://bugzilla.suse.com/show_bug.cgi?id=1199443 | Issue Tracking |
URL | Date | SRC |
---|---|---|
https://github.com/rancher/rancher/security/advisories/GHSA-vrph-m5jj-c46c | 2024-09-16 |
URL | Date | SRC |
---|
URL | Date | SRC |
---|
Affected Vendors, Products, and Versions
Vendor | Product | Version | Other | Status | ||||||
---|---|---|---|---|---|---|---|---|---|---|
Vendor | Product | Version | Other | Status | <-- --> | Vendor | Product | Version | Other | Status |
Suse Search vendor "Suse" | Rancher Search vendor "Suse" for product "Rancher" | >= 2.5.0 < 2.5.14 Search vendor "Suse" for product "Rancher" and version " >= 2.5.0 < 2.5.14" | - |
Affected
| ||||||
Suse Search vendor "Suse" | Rancher Search vendor "Suse" for product "Rancher" | >= 2.6.0 < 2.6.5 Search vendor "Suse" for product "Rancher" and version " >= 2.6.0 < 2.6.5" | - |
Affected
|