Entropy Leak in SUSE Rancher 2.7.0 Token Replay After Renewal
CVE-2022-43755 Published on February 7, 2023
Rancher: Non-random authentication token
An Insufficient Entropy vulnerability in SUSE Rancher allows an attacker who has obtained the cattle-token to keep abusing it even after the token has been renewed. This issue affects SUSE Rancher versions prior to 2.6.10 and Rancher versions prior to 2.7.1.
Vulnerability Analysis
CVE-2022-43755 can be exploited with network access and requires only a small amount of user privileges. This vulnerability is considered to have a high level of attack complexity. A successful exploit is considered to have a high impact on confidentiality, no impact on integrity, and a high impact on availability.
Weakness Type
Insufficient Entropy
The software uses an algorithm or scheme that produces insufficient entropy, leaving patterns or clusters of values that are more likely to occur than others.
Products Associated with CVE-2022-43755
Affected Versions
SUSE Rancher: Rancher versions below 2.6.10 are affected.
Exploit Probability
EPSS (Exploit Prediction Scoring System) scores estimate the probability that a vulnerability will be exploited in the wild within the next 30 days. The percentile shows you how this score compares to all other vulnerabilities.