Lucene search
Veracode Vulnerability DatabaseVERACODE:39025HistoryJan 27, 2023 - 2:22 a.m.
Command Injection
2023-01-2702:22:31
Veracode Vulnerability Database
sca.analysiscenter.veracode.com
13
command injection
github.com/rancher/rancher
vulnerability
git.go
malicious commands
rancher host
EPSS
0.001
Percentile
43.0%
github.com/rancher/rancher is vulnerable to Command Injection. The vulnerability exists because git.go doesn’t properly validate user input, allowing an attacker to inject and execute maliciously crafted commands through the rancher host.
References
bugzilla.suse.com/show_bug.cgi?id=1205294
github.com/advisories/GHSA-34p5-jp77-fcrc
github.com/rancher/rancher/commit/6ad4bba7984c86f40b02613d6c587d6a63d3e99d
github.com/rancher/rancher/commit/a230f24f869ddce133d5e36452f9fd5b5c4cc254
github.com/rancher/rancher/commit/af02fbac8702bd8e1cb70addba7783161865c7a4
github.com/rancher/rancher/pull/40242
github.com/rancher/rancher/pull/40243
github.com/rancher/rancher/pull/40244
Related
cvelist
cvelist
CVE-2022-43758 Rancher: Command injection in Git package
2023-02-07 00:00:00
cve
cve
CVE-2022-43758
2023-02-07 13:15:09
nvd
nvd
CVE-2022-43758
2023-02-07 13:15:09
osv
osv
Command injection in Rancher Git package
2023-01-25 19:36:35
CVE-2022-43758
2023-02-07 13:15:09
github
github
Command injection in Rancher Git package
2023-01-25 19:36:35
prion
prion
Command injection
2023-02-07 13:15:00