CVE-2022-43755

A Insufficient Entropy vulnerability in SUSE Rancher allows attackers that gained knowledge of the cattle-token to continue abusing this even after the token was renewed. This issue affects: SUSE Rancher Rancher versions prior to 2.6.10; Rancher versions prior to 2.7.1.

Published: Feb 7, 2023
Updated: May 10, 2024
CVE: CVE-2022-43755
GHSA: GHSA-8c69-r38j-rpfj
Severity: Critical
Exploit:

CVSS v3:

Severity: Critical
Score: 9.8
AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H

CWEs:

CWE-330
CWE-331

Affected Software
References

Software	From	Fixed in
suse / rancher	2.7.0	2.7.1
suse / rancher	2.6.0	2.6.10
github.com/rancher/rancher	2.6.0	2.6.10
github.com/rancher/rancher	2.7.0	2.7.1

https://bugzilla.suse.com/show_bug.cgi?id=1205297
https://github.com/rancher/rancher/security/advisories/GHSA-8c69-r38j-rpfj

Vulnerability Database

CVE-2022-43755