Critical severity9.1NVD Advisory· Published Nov 13, 2024· Updated Apr 15, 2026

CVE-2022-45157

Description

A vulnerability has been identified in the way that Rancher stores vSphere's CPI (Cloud Provider Interface) and CSI (Container Storage Interface) credentials used to deploy clusters through the vSphere cloud provider. This issue leads to the vSphere CPI and CSI passwords being stored in a plaintext object inside Rancher. This vulnerability is only applicable to users that deploy clusters in vSphere environments.

Affected packages

Versions sourced from the GitHub Security Advisory.

Package	Affected versions	Patched versions
github.com/rancher/rancherGo	>= 2.9.0, < 2.9.3	2.9.3
github.com/rancher/rancherGo	>= 2.7.0, < 2.8.9	2.8.9

Patches

No patches discovered yet.

Vulnerability mechanics

AI mechanics synthesis has not run for this CVE yet.

References

github.com/advisories/GHSA-xj7w-r753-vj8vghsaADVISORY
nvd.nist.gov/vuln/detail/CVE-2022-45157ghsaADVISORY
bugzilla.suse.com/show_bug.cginvdWEB
github.com/rancher/rancher/security/advisories/GHSA-xj7w-r753-vj8vnvdWEB

News mentions

No linked articles in our index yet.

cvss	0.591
epss	0.000
exploit	0.000
kev	0.000
patch	0.000
ransomware	0.000