CVE-2022-43756 — Injection in Rancher Wrangler

CWE-74 — Injection CWE-150 — Improper Neutralization of Escape, Meta, or Control Sequences5 documents4 sources

Severity

7.5HIGHNVD

CNA5.9

EPSS

1.1%

top 22.30%

CISA KEV

Not in KEV

Exploit

No known exploits

Affected products

Github.com Rancher Wrangler Suse Wrangler Suse Rancher

Timeline

PublishedFeb 7

Latest updateFeb 14

Description

A Improper Neutralization of Special Elements in Output Used by a Downstream Component ('Injection') vulnerability in SUSE Rancher allows remote attackers to cause denial of service by supplying specially crafted git credentials. This issue affects: SUSE Rancher wrangler version 0.7.3 and prior versions; wrangler version 0.8.4 and prior versions; wrangler version 1.0.0 and prior versions.

CVSS vector

CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:HExploitability: 3.9 | Impact: 3.6

Affected Packages3 packages

▶NVDsuse/wrangler0.8.0 — 0.8.5+2

▶Gogithub.com/rancher_wrangler0.8.0 — 0.8.5-security1+3

▶CVEListV5suse/rancherwrangler — 0.7.3

🔴Vulnerability Details

OSV

Denial of service when processing Git credentials in github.com/rancher/wrangler↗2023-02-14

▶

CVEList

Rancher/Wrangler: Denial of service when processing Git credentials↗2023-02-07

▶

GHSA

Denial of service (DoS) when processing Git credentials↗2023-01-25

▶

OSV

Denial of service (DoS) when processing Git credentials↗2023-01-25

▶