{"id":"CVE-2023-22649","details":"A vulnerability has been identified which may lead to sensitive data being leaked into Rancher's audit logs. [Rancher Audit Logging](https://ranchermanager.docs.rancher.com/how-to-guides/advanced-user-guides/enable-api-audit-log) is an opt-in feature; only deployments that have it enabled and have [AUDIT_LEVEL](https://ranchermanager.docs.rancher.com/how-to-guides/advanced-user-guides/enable-api-audit-log#audit-log-levels) set to `1` or above are impacted by this issue.","aliases":["GHSA-xfj7-qf8w-2gcr","GO-2024-2537"],"modified":"2026-04-10T04:55:26.337866Z","published":"2024-10-16T08:15:04.390Z","references":[{"type":"ADVISORY","url":"https://github.com/rancher/rancher/security/advisories/GHSA-xfj7-qf8w-2gcr"},{"type":"REPORT","url":"https://bugzilla.suse.com/show_bug.cgi?id=CVE-2023-22649"}],"affected":[{"ranges":[{"type":"GIT","repo":"https://github.com/rancher/rancher","events":[{"introduced":"df2432ad895c9d6be0e47e0d6d62a4c3dc8f08e5"},{"fixed":"d4a0ff5e779e3cc5f14d77ce57620e1326ab1c22"},{"introduced":"ce9a7aea4b13fed7acd02cc32667b2ae72f98f5a"},{"fixed":"649fdad268d8ecc748e9fdcca2ddcfdc900f9eaa"},{"introduced":"72f58378bf03122a9651c9bd3b4c143a57e8fdaa"},{"fixed":"2f7113dc32d4f1f5375a1ae09b65be58f6801a15"}],"database_specific":{"versions":[{"introduced":"2.6.0"},{"fixed":"2.6.14"},{"introduced":"2.7.0"},{"fixed":"2.7.10"},{"introduced":"2.8.0"},{"fixed":"2.8.2"}]}}],"versions":["v2.6.0","v2.6.0-rc10","v2.6.1","v2.6.1-harvester1","v2.6.1-harvester2","v2.6.1-rc1","v2.6.1-rc10","v2.6.1-rc11","v2.6.1-rc12","v2.6.1-rc13","v2.6.1-rc2","v2.6.1-rc3","v2.6.1-rc4","v2.6.1-rc5","v2.6.1-rc6","v2.6.1-rc7","v2.6.1-rc8","v2.6.1-rc9","v2.6.11","v2.6.11-rc1","v2.6.11-rc10","v2.6.11-rc2","v2.6.11-rc3","v2.6.11-rc4","v2.6.11-rc5","v2.6.11-rc6","v2.6.11-rc7","v2.6.11-rc8","v2.6.11-rc9","v2.6.12","v2.6.12-rc1","v2.6.12-rc2","v2.6.12-rc3","v2.6.12-rc4","v2.6.12-rc5","v2.6.13","v2.6.13-rc1","v2.6.3","v2.6.3-harvester1","v2.6.3-rc1","v2.6.3-rc10","v2.6
.3-rc11","v2.6.3-rc2","v2.6.3-rc3","v2.6.3-rc4","v2.6.3-rc5","v2.6.3-rc6","v2.6.3-rc7","v2.6.3-rc8","v2.6.3-rc9","v2.6.4-alpha1","v2.6.4-alpha2","v2.6.4-alpha3","v2.6.4-rc1","v2.6.4-rc10","v2.6.4-rc11","v2.6.4-rc12","v2.6.4-rc13","v2.6.4-rc2","v2.6.4-rc3","v2.6.4-rc4","v2.6.4-rc5","v2.6.4-rc6","v2.6.4-rc8","v2.6.4-rc9","v2.6.5","v2.6.5-alpha1","v2.6.5-rc1","v2.6.5-rc10","v2.6.5-rc11","v2.6.5-rc12","v2.6.5-rc2","v2.6.5-rc3","v2.6.5-rc4","v2.6.5-rc5","v2.6.5-rc6","v2.6.5-rc8","v2.6.5-rc9","v2.6.6-rc1","v2.6.7","v2.6.7-rc1","v2.6.7-rc10","v2.6.7-rc2","v2.6.7-rc3","v2.6.7-rc4","v2.6.7-rc5","v2.6.7-rc6","v2.6.7-rc7","v2.6.7-rc8","v2.6.7-rc9","v2.6.8-rc2","v2.6.8-rc3","v2.6.9","v2.6.9-rc1","v2.6.9-rc2","v2.6.9-rc3","v2.6.9-rc4","v2.6.9-rc5","v2.6.9-rc6","v2.7.0","v2.7.0-novkdm","v2.7.2","v2.7.2-rc1","v2.7.2-rc10","v2.7.2-rc2","v2.7.2-rc3","v2.7.2-rc4","v2.7.2-rc5","v2.7.2-rc6","v2.7.2-rc7","v2.7.2-rc8","v2.7.2-rc9","v2.7.5","v2.7.5-rc1","v2.7.5-rc2","v2.7.5-rc3","v2.7.5-rc4","v2.7.5-rc5","v2.7.5-rc6","v2.7.7","v2.7.7-rc1","v2.7.7-rc2","v2.7.7-rc3","v2.7.7-rc4","v2.7.7-rc5","v2.7.7-rc6","v2.7.7-rc7","v2.7.8","v2.7.8-rc1","v2.7.9","v2.7.9-rc1","v2.7.9-rc2","v2.8.0","v2.8.0-rc5","v2.8.1","v2.8.1-rc1","v2.8.1-rc2","v2.8.1-rc3","v2.8.1-rc4"],"database_specific":{"source":"https://storage.googleapis.com/cve-osv-conversion/osv-output/CVE-2023-22649.json"}}],"schema_version":"1.7.5","severity":[{"type":"CVSS_V3","score":"CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:U/C:H/I:N/A:N"}]}