Strix
26.1K

CVE-2022-43760

HIGHCVSS 8.4/10EPSS 0.71%

Last modified

CVE-2022-43760 is a high-severity vulnerability rated 8.4/10 on the CVSS scale. An Improper Neutralization of Input During Web Page Generation ('Cross-site Scripting') vulnerability in SUSE Rancher allows users in some higher-privileged groups to to inject code that is executed within another user's browser, allowing the attacker to steal sensitive information, manipulate web content, or perform other malicious activities on behalf of the victims. This could result in a user with write access to the affected areas being able to act on behalf of an administrator, once an administrator opens the affected web page. This issue affects Rancher: from >= 2.6.0 before < 2.6.13, from >= 2.7.0 before < 2.7.4. . EPSS estimates a 0.71% chance of exploitation in the next 30 days.

Description

An Improper Neutralization of Input During Web Page Generation ('Cross-site Scripting') vulnerability in SUSE Rancher allows users in some higher-privileged groups to to inject code that is executed within another user's browser, allowing the attacker to steal sensitive information, manipulate web content, or perform other malicious activities on behalf of the victims. This could result in a user with write access to the affected areas being able to act on behalf of an administrator, once an administrator opens the affected web page. This issue affects Rancher: from >= 2.6.0 before < 2.6.13, from >= 2.7.0 before < 2.7.4.

Metrics

CVSS 3.1
8.4/10

CVSS:3.1/AV:N/AC:L/PR:H/UI:R/S:C/C:H/I:H/A:H

EPSS Probability
0.71%

49.0th percentile

Probability of exploitation in the next 30 days. Learn more

Weakness Enumeration

Affected Software

VendorProductVersions
SuseRancher>= 2.6.0, < 2.6.13
SuseRancher>= 2.7.0, < 2.7.4

References

Timeline

Published
Last Modified
Status
Modified

Frequently Asked Questions

What is CVE-2022-43760?
An Improper Neutralization of Input During Web Page Generation ('Cross-site Scripting') vulnerability in SUSE Rancher allows users in some higher-privileged groups to to inject code that is executed within another user's browser, allowing the attacker to steal sensitive information, manipulate web content, or perform other malicious activities on behalf of the victims. This could result in a user with write access to the affected areas being able to act on behalf of an administrator, once an administrator opens the affected web page. This issue affects Rancher: from >= 2.6.0 before < 2.6.13, from >= 2.7.0 before < 2.7.4.
How severe is CVE-2022-43760?
CVE-2022-43760 has a CVSS score of 8.4/10 (HIGH severity). The EPSS model estimates a 0.71% probability of exploitation in the next 30 days.
How do I fix CVE-2022-43760?
Check the vendor references and advisories linked above for patched versions and mitigation guidance. You can also run a Strix scan to test if your systems are affected.

Are you affected by CVE-2022-43760?

Run a free Strix scan to check your systems for this vulnerability.

Scan your code now

Source: NVD / NIST