CVSS3: 8.4 High
Attack Vector: NETWORK
Attack Complexity: LOW
Privileges Required: HIGH
User Interaction: REQUIRED
Scope: CHANGED
Confidentiality Impact: HIGH
Integrity Impact: HIGH
Availability Impact: HIGH
CVSS:3.1/AV:N/AC:L/PR:H/UI:R/S:C/C:H/I:H/A:H

CVSS2: 5.4 Medium
Access Vector: NETWORK
Access Complexity: MEDIUM
Authentication: MULTIPLE
Confidentiality Impact: PARTIAL
Integrity Impact: PARTIAL
Availability Impact: PARTIAL
AV:N/AC:M/Au:M/C:P/I:P/A:P

EPSS: 0.001 Low
Percentile: 29.7%

github.com/rancher/rancher is vulnerable to Cross-site Scripting (XSS). The vulnerability exists in the Projects/Namespaces and Auth Provider sections and allows an attacker with write access to inject and execute malicious code, steal sensitive information, manipulate web content, or perform other malicious activities on behalf of the victims.

bugzilla.suse.com/show_bug.cgi?id=CVE-2022-43760
github.com/rancher/rancher/commit/03d2eb265626e4f59532019b331230bf1b2e5db3
github.com/rancher/rancher/commit/040b95ce389496ca0546c4f3f7fa44a4e2810974
github.com/rancher/rancher/commit/16cffb5b63b835414f9d0e0f59053dc12effa028
github.com/rancher/rancher/commit/4de7ba6e96f82407fc2e0ce120c4a1b7ed0bd81e
github.com/rancher/rancher/commit/e9d50ed454adf20a5270de28b3e158a5ddcdb301
github.com/rancher/rancher/commit/ff5911091a7dd496be475aa6edbc46bc1e7020a2
github.com/rancher/rancher/security/advisories/GHSA-46v3-ggjg-qq3x