CVE-2022-43756
published 2023-02-07

Priority: P3 40
Severity: high, 7.5 (CVSS 3.1)
Vector: AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H
EPSS: 0.68% (47.9th percentile)

An Improper Neutralization of Special Elements in Output Used by a Downstream Component ('Injection') vulnerability in SUSE Rancher allows remote attackers to cause denial of service by supplying specially crafted git credentials. This issue affects: SUSE Rancher wrangler version 0.7.3 and prior versions; wrangler version 0.8.4 and prior versions; wrangler version 1.0.0 and prior versions.

Affected

8 ranges

| Vendor | Product | Version range | Fixed in |
|---|---|---|---|
| github.com | rancher_wrangler | >= 0 < 0.7.4-security1 | 0.7.4-security1 |
| github.com | rancher_wrangler | >= 0.8.0 < 0.8.5-security1 | 0.8.5-security1 |
| github.com | rancher_wrangler | >= 0.8.6 < 0.8.11 | 0.8.11 |
| github.com | rancher_wrangler | >= 1.0.0 < 1.0.1 | 1.0.1 |
| suse | rancher | wrangler – 0.7.3 | |
| suse | wrangler | < 0.7.4 | 0.7.4 |
| suse | wrangler | | |
| suse | wrangler | >= 0.8.0 < 0.8.5 | 0.8.5 |