Vulnerabilities > Suse > High

DATE CVE VULNERABILITY TITLE RISK
2023-12-12 CVE-2020-10676 Incorrect Authorization vulnerability in Suse Rancher
In Rancher 2.x before 2.6.13 and 2.7.x before 2.7.4, an incorrectly applied authorization check allows users who have certain access to a namespace to move that namespace to a different project.
network
low complexity
suse CWE-863
8.8
2023-09-19 CVE-2023-32182 Link Following vulnerability in multiple products
A Improper Link Resolution Before File Access ('Link Following') vulnerability in SUSE SUSE Linux Enterprise Desktop 15 SP5 postfix, SUSE SUSE Linux Enterprise High Performance Computing 15 SP5 postfix, SUSE openSUSE Leap 15.5 postfix.This issue affects SUSE Linux Enterprise Desktop 15 SP5: before 3.7.3-150500.3.5.1; SUSE Linux Enterprise High Performance Computing 15 SP5: before 3.7.3-150500.3.5.1; openSUSE Leap 15.5 : before 3.7.3-150500.3.5.1.
local
low complexity
opensuse suse CWE-59
7.8
2023-09-19 CVE-2023-32186 Allocation of Resources Without Limits or Throttling vulnerability in Suse Rancher Rke2
A Allocation of Resources Without Limits or Throttling vulnerability in SUSE RKE2 allows attackers with access to K3s servers apiserver/supervisor port (TCP 6443) cause denial of service. This issue affects RKE2: from 1.24.0 before 1.24.17+rke2r1, from v1.25.0 before v1.25.13+rke2r1, from v1.26.0 before v1.26.8+rke2r1, from v1.27.0 before v1.27.5+rke2r1, from v1.28.0 before v1.28.1+rke2r1.
network
low complexity
suse CWE-770
7.5
2023-06-01 CVE-2022-43760 Cross-site Scripting vulnerability in Suse Rancher
An Improper Neutralization of Input During Web Page Generation ('Cross-site Scripting') vulnerability in SUSE Rancher allows users in some higher-privileged groups to to inject code that is executed within another user's browser, allowing the attacker to steal sensitive information, manipulate web content, or perform other malicious activities on behalf of the victims.
network
low complexity
suse CWE-79
8.4
2023-06-01 CVE-2023-22647 Unspecified vulnerability in Suse Rancher
An Improper Privilege Management vulnerability in SUSE Rancher allowed standard users to leverage their existing permissions to manipulate Kubernetes secrets in the local cluster, resulting in the secret being deleted, but their read-level permissions to the secret being preserved.
low complexity
suse
8.0
2023-06-01 CVE-2023-22648 Unspecified vulnerability in Suse Rancher 2.6.10/2.7.0/2.7.1
A Improper Privilege Management vulnerability in SUSE Rancher causes permission changes in Azure AD not to be reflected to users while they are logged in the Rancher UI.
network
low complexity
suse
8.8
2023-04-25 CVE-2023-29552 The Service Location Protocol (SLP, RFC 2608) allows an unauthenticated, remote attacker to register arbitrary services. 7.5
2023-02-15 CVE-2022-45153 Incorrect Default Permissions vulnerability in multiple products
An Incorrect Default Permissions vulnerability in saphanabootstrap-formula of SUSE Linux Enterprise Module for SAP Applications 15-SP1, SUSE Linux Enterprise Server for SAP 12-SP5; openSUSE Leap 15.4 allows local attackers to escalate to root by manipulating the sudo configuration that is created.
local
low complexity
suse opensuse CWE-276
7.8
2023-02-07 CVE-2022-21953 Missing Authorization vulnerability in Suse Rancher
A Missing Authorization vulnerability in of SUSE Rancher allows authenticated user to create an unauthorized shell pod and kubectl access in the local cluster This issue affects: SUSE Rancher Rancher versions prior to 2.5.17; Rancher versions prior to 2.6.10; Rancher versions prior to 2.7.1.
network
low complexity
suse CWE-862
8.8
2023-02-07 CVE-2022-43756 Injection vulnerability in Suse Wrangler
A Improper Neutralization of Special Elements in Output Used by a Downstream Component ('Injection') vulnerability in SUSE Rancher allows remote attackers to cause denial of service by supplying specially crafted git credentials.
network
low complexity
suse CWE-74
7.5