{"id":"CVE-2022-21953","details":"A Missing Authorization vulnerability in SUSE Rancher allows an authenticated user to create an unauthorized shell pod and gain kubectl access in the local cluster. This issue affects SUSE Rancher: Rancher versions prior to 2.5.17; Rancher versions prior to 2.6.10; Rancher versions prior to 2.7.1.","aliases":["GHSA-g25r-gvq3-wrq7"],"modified":"2026-04-10T04:44:16.449898Z","published":"2023-02-07T13:15:09.437Z","references":[{"type":"REPORT","url":"https://bugzilla.suse.com/show_bug.cgi?id=1199731"}],"affected":[{"ranges":[{"type":"GIT","repo":"https://github.com/rancher/rancher","events":[{"introduced":"65f3525cdc1167872af4140d45f3153698450c52"},{"fixed":"8bcacfeafe7c8b7696318c1eb739247258e83238"},{"introduced":"df2432ad895c9d6be0e47e0d6d62a4c3dc8f08e5"},{"fixed":"2207cfed180315c015223c07ba4462888b8acf9f"},{"introduced":"ce9a7aea4b13fed7acd02cc32667b2ae72f98f5a"},{"fixed":"bb1c35fc4258ada8829c187ca17fe28a6e61da4d"}],"database_specific":{"versions":[{"introduced":"2.5.0"},{"fixed":"2.5.17"},{"introduced":"2.6.0"},{"fixed":"2.6.10"},{"introduced":"2.7.0"},{"fixed":"2.7.1"}]}}],"versions":["v2.5.0","v2.5.0-rc9","v2.5.1","v2.5.1-rc1","v2.5.10","v2.5.10-rc1","v2.5.10-rc2","v2.5.10-rc3","v2.5.10-rc4","v2.5.10-rc5","v2.5.10-rc6","v2.5.10-rc7","v2.5.12","v2.5.12-rc1","v2.5.12-rc2","v2.5.12-rc3","v2.5.12-rc4","v2.5.12-rc5","v2.5.12-rc6","v2.5.12-rc7","v2.5.12-rc8","v2.5.13","v2.5.13-rc1","v2.5.13-rc2","v2.5.13-rc3","v2.5.13-rc4","v2.5.14","v2.5.14-rc1","v2.5.14-rc2","v2.5.16","v2.5.16-rc1","v2.5.16-rc2","v2.5.16-rc3","v2.5.16-rc4","v2.5.2","v2.5.2-rc","v2.5.2-rc1","v2.5.2-rc10","v2.5.2-rc2","v2.5.2-rc3","v2.5.2-rc4","v2.5.2-rc5","v2.5.2-rc6","v2.5.2-rc7","v2.5.2-rc8","v2.5.2-rc9","v2.5.4","v2.5.4-rc1","v2.5.4-rc2","v2.5.4-rc3","v2.5.4-rc4","v2.5.4-rc5","v2.5.4-rc6","v2.5.4-rc7","v2.5.4-rc8","v2.5.4-rc9","v2.5.6","v2.5.6-rc1","v2.5.6-rc2","v2.5.6-rc3","v2.5.6-rc4","v2.5.6-rc5","v2.5.6-rc6","v2.5.6-rc7","v2.5.6-rc8","v2.5.6-rc9","v2.5.8","v2.5.8-rc1
0","v2.5.8-rc11","v2.5.8-rc12","v2.5.8-rc13","v2.5.8-rc14","v2.5.8-rc15","v2.5.8-rc16","v2.5.8-rc17","v2.5.8-rc18","v2.5.8-rc19","v2.5.8-rc2","v2.5.8-rc20","v2.5.8-rc21","v2.5.8-rc3","v2.5.8-rc4","v2.5.8-rc5","v2.5.8-rc6","v2.5.8-rc7","v2.5.8-rc8","v2.5.8-rc9","v2.6.0","v2.6.0-rc10","v2.6.1","v2.6.1-harvester1","v2.6.1-harvester2","v2.6.1-rc1","v2.6.1-rc10","v2.6.1-rc11","v2.6.1-rc12","v2.6.1-rc13","v2.6.1-rc2","v2.6.1-rc3","v2.6.1-rc4","v2.6.1-rc5","v2.6.1-rc6","v2.6.1-rc7","v2.6.1-rc8","v2.6.1-rc9","v2.6.10-rc6","v2.6.3","v2.6.3-harvester1","v2.6.3-rc1","v2.6.3-rc10","v2.6.3-rc11","v2.6.3-rc2","v2.6.3-rc3","v2.6.3-rc4","v2.6.3-rc5","v2.6.3-rc6","v2.6.3-rc7","v2.6.3-rc8","v2.6.3-rc9","v2.6.4-alpha1","v2.6.4-alpha2","v2.6.4-alpha3","v2.6.4-rc1","v2.6.4-rc10","v2.6.4-rc11","v2.6.4-rc12","v2.6.4-rc13","v2.6.4-rc2","v2.6.4-rc3","v2.6.4-rc4","v2.6.4-rc5","v2.6.4-rc6","v2.6.4-rc8","v2.6.4-rc9","v2.6.5","v2.6.5-alpha1","v2.6.5-rc1","v2.6.5-rc10","v2.6.5-rc11","v2.6.5-rc12","v2.6.5-rc2","v2.6.5-rc3","v2.6.5-rc4","v2.6.5-rc5","v2.6.5-rc6","v2.6.5-rc8","v2.6.5-rc9","v2.6.6-rc1","v2.6.7","v2.6.7-rc1","v2.6.7-rc10","v2.6.7-rc2","v2.6.7-rc3","v2.6.7-rc4","v2.6.7-rc5","v2.6.7-rc6","v2.6.7-rc7","v2.6.7-rc8","v2.6.7-rc9","v2.6.8-rc2","v2.6.8-rc3","v2.6.9","v2.6.9-rc1","v2.6.9-rc2","v2.6.9-rc3","v2.6.9-rc4","v2.6.9-rc5","v2.6.9-rc6","v2.7.0","v2.7.0-novkdm","v2.7.1-rc4"],"database_specific":{"source":"https://storage.googleapis.com/cve-osv-conversion/osv-output/CVE-2022-21953.json"}}],"schema_version":"1.7.5","severity":[{"type":"CVSS_V3","score":"CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H"}]}