CVE-2022-45157

CVSS V2 None CVSS V3 None

Description

A vulnerability has been identified in the way that Rancher stores vSphere's CPI (Cloud Provider Interface) and CSI (Container Storage Interface) credentials used to deploy clusters through the vSphere cloud provider. This issue leads to the vSphere CPI and CSI passwords being stored in a plaintext object inside Rancher. This vulnerability is only applicable to users that deploy clusters in vSphere environments.

Overview

CVE ID
CVE-2022-45157

Assigner
suse

Vulnerability Status
PUBLISHED

Published Version
2024-11-13T13:39:10.338Z

Last Modified Date
2024-11-13T14:39:15.785Z

Weakness Enumerations

CWE	URL
CWE-522	http://cwe.mitre.org/data/definitions/522.html

References

Reference URL	Reference Tags
https://bugzilla.suse.com/show_bug.cgi?id=CVE-2022-45157
https://github.com/rancher/rancher/security/advisories/GHSA-xj7w-r753-vj8v

Sources

Source Name	Source URL
NIST	https://nvd.nist.gov/vuln/detail/CVE-2022-45157
MITRE	https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2022-45157

History

Created	Old Value	New Value	Data Type	Notes
2024-11-14 12:04:46				Added to TrackCVE