CVE-2022-21947 HIGH

CVE-2022-21947: rancher desktop: Dashboard API is network accessible

Vendor Suse
Product Rancher
Weakness CWE-668
Published April 1, 2022
Last update September 16, 2024

CVSS base score

8.3/10
Attack vector Adjacent
Attack complexity Low
Privileges required None
User interaction None
Confidentiality High
Integrity High

CVSS vector

CVSS:3.1/AV:A/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:L

What the vulnerability does

01Description

A Exposure of Resource to Wrong Sphere vulnerability in Rancher Desktop of SUSE allows attackers in the local network to connect to the Dashboard API (steve) to carry out arbitrary actions. This issue affects: SUSE Rancher Desktop versions prior to V.

Key dates

02Disclosure timeline

April 1, 2022 CVE published
September 16, 2024 Record updated