High severity8.3GHSA Advisory· Published Oct 16, 2024· Updated Apr 15, 2026
CVE-2023-32192
CVE-2023-32192
Description
A vulnerability has been identified in which unauthenticated cross-site scripting (XSS) in the API Server's public API endpoint can be exploited, allowing an attacker to execute arbitrary JavaScript code in the victim browser
AI Insight
LLM-synthesized narrative grounded in this CVE's description and references.
Affected packages
Versions sourced from the GitHub Security Advisory.
| Package | Affected versions | Patched versions |
|---|---|---|
github.com/rancher/apiserverGo | < 0.0.0-20240207153957-4fd7d821d952 | 0.0.0-20240207153957-4fd7d821d952 |
Affected products
4- osv-coords3 versionspkg:apk/chainguard/rancher-agent-2.8pkg:apk/wolfi/rancher-agent-2.8pkg:golang/github.com/rancher/apiserver
< 2.8.7-r1+ 2 more
- (no CPE)range: < 2.8.7-r1
- (no CPE)range: < 2.8.7-r1
- (no CPE)range: < 0.0.0-20240207153957-4fd7d821d952
Patches
Vulnerability mechanics
References
10- github.com/advisories/GHSA-833m-37f7-jq55ghsaADVISORY
- nvd.nist.gov/vuln/detail/CVE-2023-32192ghsaADVISORY
- bugzilla.suse.com/show_bug.cginvdWEB
- github.com/rancher/apiserver/commit/4df268e250f625fa323349062636496e0aeff4e4ghsaWEB
- github.com/rancher/apiserver/commit/4e102cf0d07b1af3d10d82c3e5a751a869b8a6c7ghsaWEB
- github.com/rancher/apiserver/commit/4fd7d821d952510bfe38c9d4a3e2a65157f50525ghsaWEB
- github.com/rancher/apiserver/commit/69b3c2b56f3fa5a421889c533dada8cd08783cdaghsaWEB
- github.com/rancher/apiserver/commit/97a10a30200cb851afd8ee85ee6b2295c4b6e5eeghsaWEB
- github.com/rancher/apiserver/commit/a3b9e3721c1b558ee63aec9594e37c223a5c8437ghsaWEB
- github.com/rancher/apiserver/security/advisories/GHSA-833m-37f7-jq55nvdWEB
News mentions
0No linked articles in our index yet.