CVE-2022-31249
CVSS V2 None
CVSS V3 None
Description
A Improper Neutralization of Special Elements used in an OS Command ('OS Command Injection') vulnerability in wrangler of SUSE Rancher allows remote attackers to inject commands in the underlying host via crafted commands passed to Wrangler. This issue affects: SUSE Rancher wrangler version 0.7.3 and prior versions; wrangler version 0.8.4 and prior versions; wrangler version 1.0.0 and prior versions.
Overview
- CVE ID
- CVE-2022-31249
- Assigner
- meissner@suse.de
- Vulnerability Status
- Analyzed
- Published Version
- 2023-02-07T13:15:09
- Last Modified Date
- 2023-02-15T01:49:20
Weakness Enumerations
CPE Configuration (Product)
| CPE | Vulnerable | Operator | Version Start | Version End |
|---|---|---|---|---|
| cpe:2.3:a:suse:wrangler:*:*:*:*:*:*:*:* | 1 | OR | 0.7.4 | |
| cpe:2.3:a:suse:wrangler:*:*:*:*:*:*:*:* | 1 | OR | 0.8.0 | 0.8.5 |
| cpe:2.3:a:suse:wrangler:1.0.0:*:*:*:*:*:*:* | 1 | OR |
References
| Reference URL | Reference Tags |
|---|---|
| https://bugzilla.suse.com/show_bug.cgi?id=1200299 | Issue Tracking |
Sources
| Source Name | Source URL |
|---|---|
| NIST | https://nvd.nist.gov/vuln/detail/CVE-2022-31249 |
| MITRE | https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2022-31249 |
History
| Created | Old Value | New Value | Data Type | Notes |
|---|---|---|---|---|
| 2023-04-17 07:19:46 | Added to TrackCVE | |||
| 2023-04-17 07:19:49 | Weakness Enumeration | new |