Search criteria
2 vulnerabilities found for rancher_desktop by suse
CVE-2022-21947 (GCVE-0-2022-21947)
Vulnerability from nvd – Published: 2022-04-01 06:40 – Updated: 2024-09-16 19:20
VLAI
Title
rancher desktop: Dashboard API is network accessible
Summary
A Exposure of Resource to Wrong Sphere vulnerability in Rancher Desktop of SUSE allows attackers in the local network to connect to the Dashboard API (steve) to carry out arbitrary actions. This issue affects: SUSE Rancher Desktop versions prior to V.
Severity
8.3 (High)
CWE
- CWE-668 - Exposure of Resource to Wrong Sphere
Assigner
References
1 reference
Date Public
2022-03-25 00:00
{
"containers": {
"adp": [
{
"providerMetadata": {
"dateUpdated": "2024-08-03T03:00:54.558Z",
"orgId": "af854a3a-2127-422b-91ae-364da2661108",
"shortName": "CVE"
},
"references": [
{
"tags": [
"x_transferred"
],
"url": "https://bugzilla.suse.com/show_bug.cgi?id=1197491"
}
],
"title": "CVE Program Container"
}
],
"cna": {
"affected": [
{
"product": "Rancher",
"vendor": "SUSE",
"versions": [
{
"lessThan": "V",
"status": "affected",
"version": "Desktop",
"versionType": "custom"
}
]
}
],
"datePublic": "2022-03-25T00:00:00.000Z",
"descriptions": [
{
"lang": "en",
"value": "A Exposure of Resource to Wrong Sphere vulnerability in Rancher Desktop of SUSE allows attackers in the local network to connect to the Dashboard API (steve) to carry out arbitrary actions. This issue affects: SUSE Rancher Desktop versions prior to V."
}
],
"metrics": [
{
"cvssV3_1": {
"attackComplexity": "LOW",
"attackVector": "ADJACENT_NETWORK",
"availabilityImpact": "LOW",
"baseScore": 8.3,
"baseSeverity": "HIGH",
"confidentialityImpact": "HIGH",
"integrityImpact": "HIGH",
"privilegesRequired": "NONE",
"scope": "UNCHANGED",
"userInteraction": "NONE",
"vectorString": "CVSS:3.1/AV:A/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:L",
"version": "3.1"
}
}
],
"problemTypes": [
{
"descriptions": [
{
"cweId": "CWE-668",
"description": "CWE-668: Exposure of Resource to Wrong Sphere",
"lang": "en",
"type": "CWE"
}
]
}
],
"providerMetadata": {
"dateUpdated": "2023-06-29T00:00:00.000Z",
"orgId": "404e59f5-483d-4b8a-8e7a-e67604dd8afb",
"shortName": "suse"
},
"references": [
{
"url": "https://bugzilla.suse.com/show_bug.cgi?id=1197491"
}
],
"source": {
"advisory": "https://bugzilla.suse.com/show_bug.cgi?id=1197491",
"defect": [
"1197491"
],
"discovery": "INTERNAL"
},
"title": "rancher desktop: Dashboard API is network accessible",
"x_generator": {
"engine": "Vulnogram 0.0.9"
}
}
},
"cveMetadata": {
"assignerOrgId": "404e59f5-483d-4b8a-8e7a-e67604dd8afb",
"assignerShortName": "suse",
"cveId": "CVE-2022-21947",
"datePublished": "2022-04-01T06:40:10.168Z",
"dateReserved": "2021-12-16T00:00:00.000Z",
"dateUpdated": "2024-09-16T19:20:21.598Z",
"state": "PUBLISHED"
},
"dataType": "CVE_RECORD",
"dataVersion": "5.1"
}
CVE-2022-21947 (GCVE-0-2022-21947)
Vulnerability from cvelistv5 – Published: 2022-04-01 06:40 – Updated: 2024-09-16 19:20
VLAI
Title
rancher desktop: Dashboard API is network accessible
Summary
A Exposure of Resource to Wrong Sphere vulnerability in Rancher Desktop of SUSE allows attackers in the local network to connect to the Dashboard API (steve) to carry out arbitrary actions. This issue affects: SUSE Rancher Desktop versions prior to V.
Severity
8.3 (High)
CWE
- CWE-668 - Exposure of Resource to Wrong Sphere
Assigner
References
1 reference
Date Public
2022-03-25 00:00
{
"containers": {
"adp": [
{
"providerMetadata": {
"dateUpdated": "2024-08-03T03:00:54.558Z",
"orgId": "af854a3a-2127-422b-91ae-364da2661108",
"shortName": "CVE"
},
"references": [
{
"tags": [
"x_transferred"
],
"url": "https://bugzilla.suse.com/show_bug.cgi?id=1197491"
}
],
"title": "CVE Program Container"
}
],
"cna": {
"affected": [
{
"product": "Rancher",
"vendor": "SUSE",
"versions": [
{
"lessThan": "V",
"status": "affected",
"version": "Desktop",
"versionType": "custom"
}
]
}
],
"datePublic": "2022-03-25T00:00:00.000Z",
"descriptions": [
{
"lang": "en",
"value": "A Exposure of Resource to Wrong Sphere vulnerability in Rancher Desktop of SUSE allows attackers in the local network to connect to the Dashboard API (steve) to carry out arbitrary actions. This issue affects: SUSE Rancher Desktop versions prior to V."
}
],
"metrics": [
{
"cvssV3_1": {
"attackComplexity": "LOW",
"attackVector": "ADJACENT_NETWORK",
"availabilityImpact": "LOW",
"baseScore": 8.3,
"baseSeverity": "HIGH",
"confidentialityImpact": "HIGH",
"integrityImpact": "HIGH",
"privilegesRequired": "NONE",
"scope": "UNCHANGED",
"userInteraction": "NONE",
"vectorString": "CVSS:3.1/AV:A/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:L",
"version": "3.1"
}
}
],
"problemTypes": [
{
"descriptions": [
{
"cweId": "CWE-668",
"description": "CWE-668: Exposure of Resource to Wrong Sphere",
"lang": "en",
"type": "CWE"
}
]
}
],
"providerMetadata": {
"dateUpdated": "2023-06-29T00:00:00.000Z",
"orgId": "404e59f5-483d-4b8a-8e7a-e67604dd8afb",
"shortName": "suse"
},
"references": [
{
"url": "https://bugzilla.suse.com/show_bug.cgi?id=1197491"
}
],
"source": {
"advisory": "https://bugzilla.suse.com/show_bug.cgi?id=1197491",
"defect": [
"1197491"
],
"discovery": "INTERNAL"
},
"title": "rancher desktop: Dashboard API is network accessible",
"x_generator": {
"engine": "Vulnogram 0.0.9"
}
}
},
"cveMetadata": {
"assignerOrgId": "404e59f5-483d-4b8a-8e7a-e67604dd8afb",
"assignerShortName": "suse",
"cveId": "CVE-2022-21947",
"datePublished": "2022-04-01T06:40:10.168Z",
"dateReserved": "2021-12-16T00:00:00.000Z",
"dateUpdated": "2024-09-16T19:20:21.598Z",
"state": "PUBLISHED"
},
"dataType": "CVE_RECORD",
"dataVersion": "5.1"
}