CVE-2022-43758 SUSE CVE security@suse.de SUSE Security Team SUSE CVE-2022-43758 Interim 1 4 2025-02-16T02:50:43Z current 2023-01-26T00:46:09Z 2025-02-16T02:50:43Z cve-database/bin/generate-cvrf-cve.pl 2020-12-27T01:00:00Z CVE-2022-43758 A Improper Neutralization of Special Elements used in an OS Command ('OS Command Injection') vulnerability in SUSE Rancher allows code execution for user with the ability to add an untrusted Helm catalog or modifying the URL configuration used to download KDM (only admin users by default) This issue affects: SUSE Rancher Rancher versions prior to 2.5.17; Rancher versions prior to 2.6.10; Rancher versions prior to 2.7.1. The CVRF data is provided by SUSE under the Creative Commons License 4.0 with Attribution (CC-BY-4.0). https://github.com/rancher/rancher/security/advisories/GHSA-34p5-jp77-fcrc E-Mail link for GHSA-34p5-jp77-fcrc https://www.suse.com/support/security/rating/ SUSE Security Ratings A Improper Neutralization of Special Elements used in an OS Command ('OS Command Injection') vulnerability in SUSE Rancher allows code execution for user with the ability to add an untrusted Helm catalog or modifying the URL configuration used to download KDM (only admin users by default) This issue affects: SUSE Rancher Rancher versions prior to 2.5.17; Rancher versions prior to 2.6.10; Rancher versions prior to 2.7.1. CVE-2022-43758 important 7.6 CVSS:3.1/AV:N/AC:H/PR:H/UI:R/S:C/C:H/I:H/A:H