CVE-2022-21947
Rancher Desktop: Dashboard API is network accessible
Vexday Risk Score
21 (Low)
SSVC decision (CISA)
Track
No exploitation signal → monitor
CVSS 8.3 · EPSS 0.6% · KEV no · PoC — · Nuclei — · Metasploit — · Patch —
Lifecycle
01 Apr 2022: Published on NVD
Recommendation: Monitor — no exploitation signal at the moment.
An Exposure of Resource to Wrong Sphere vulnerability in Rancher Desktop of SUSE allows attackers in the local network to connect to the Dashboard API (steve) to carry out arbitrary actions. This issue affects: SUSE Rancher Desktop versions prior to V.
CVSS:3.1/AV:A/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:L
Affected products
SUSE · Rancher