VYPR

Rancher

by SUSE S.A.

CVEs (27)

  • CVE-2022-21951 | Med | May 25, 2022
    risk 0.44 | cvss 6.8 | epss 0.00

    A Cleartext Transmission of Sensitive Information vulnerability in SUSE Rancher, Rancher allows attackers on the network to read and change network data due to missing encryption of data transmitted via the network when a cluster is created from an RKE template with the CNI…

  • CVE-2022-31249 | High | Feb 7, 2023
    risk 0.42 | cvss 7.5 | epss 0.04

    An Improper Neutralization of Special Elements used in an OS Command ('OS Command Injection') vulnerability in wrangler of SUSE Rancher allows remote attackers to inject commands in the underlying host via crafted commands passed to Wrangler. This issue affects: SUSE Rancher…

  • CVE-2021-32001 | Med | Jul 28, 2021
    risk 0.42 | cvss 6.5 | epss 0.00

    K3s in SUSE Rancher allows any user with direct access to the datastore, or a copy of a datastore backup, to extract the cluster's confidential keying material (cluster certificate authority private keys, secrets encryption configuration passphrase, etc.) and decrypt it, without…

  • CVE-2021-4200 | Med | May 2, 2022
    risk 0.35 | cvss 5.4 | epss 0.01

    An Improper Privilege Management vulnerability in SUSE Rancher allows write access to the Catalog for any user when restricted-admin role is enabled. This issue affects: SUSE Rancher Rancher versions prior to 2.5.13; Rancher versions prior to 2.6.4.

  • CVE-2022-43756 | Med | Feb 7, 2023
    risk 0.31 | cvss 5.9 | epss 0.01

    An Improper Neutralization of Special Elements in Output Used by a Downstream Component ('Injection') vulnerability in SUSE Rancher allows remote attackers to cause denial of service by supplying specially crafted git credentials. This issue affects: SUSE Rancher wrangler version…

  • CVE-2025-62879 | Mar 4, 2026
    risk 0.00 | cvss (not given) | epss 0.00

    A vulnerability has been identified within the Rancher Backup Operator, resulting in the leakage of S3 tokens (both accessKey and secretKey) into the rancher-backup-operator pod's logs.

  • CVE-2025-67601 | Feb 25, 2026
    risk 0.00 | cvss (not given) | epss 0.00

    A vulnerability has been identified within Rancher Manager, where using self-signed CA certificates and passing the -skip-verify flag to the Rancher CLI login command without also passing the --cacert flag results in the CLI attempting to fetch CA certificates stored in…
