CVE-2022-45157

Severity CVSS v4.0:

HIGH

Type:

CWE-522 Insufficiently Protected Credentials

Publication date:

13/11/2024

Last modified:

13/11/2024

Description

A vulnerability has been identified in the way that Rancher stores vSphere&#39;s CPI (Cloud Provider Interface) and CSI (Container Storage Interface) credentials used to deploy clusters through the vSphere cloud provider. This issue leads to the vSphere CPI and CSI passwords being stored in a plaintext object inside Rancher. This vulnerability is only applicable to users that deploy clusters in vSphere environments.

Impact

Vector 4.0

CVSS:4.0/AV:N/AC:L/AT:N/PR:L/UI:N/VC:H/VI:L/VA:L/SC:H/SI:L/SA:L CVSS v4.0 Severity and Metrics:

Base Score: 8.50 HIGH
Vector: CVSS:4.0/AV:N/AC:L/AT:N/PR:L/UI:N/VC:H/VI:L/VA:L/SC:H/SI:L/SA:L

Attack Vector (AV): Network
Attack Complexity (AC): Low
Attack Requirements (AT): None
Privileges Required (PR): Low
User Interaction (UI): None
Confidentiality (VC): High
Integrity (VI): Low
Availability (VA): Low
Confidentiality (SC): High
Integrity (SI): Low
Availability (SA): Low

Base Score 4.0

8.50

Severity 4.0

HIGH

Vector 3.x

CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:C/C:H/I:L/A:L CVSS v3.1 Severity and Metrics:

Base Score: 9.10 CRITICAL
Vector: CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:C/C:H/I:L/A:L

Attack Vector (AV): Network
Attack Complexity (AC): Low
Privileges Required (PR): Low
User Interaction (UI): None
Scope (S): Changed
Confidentiality (C): High
Integrity (I): Low
Availability (A): Low

Base Score 3.x

9.10

Severity 3.x

CRITICAL

CVE-2022-45157

Description

Impact

References to Advisories, Solutions, and Tools