CVE-2022-43760: 
Rancher vulnerability analysis and mitigation

A Cross-Site Scripting (XSS) vulnerability was discovered in SUSE Rancher (CVE-2022-43760). The vulnerability affects Rancher versions from 2.6.0 before 2.6.13 and from 2.7.0 before 2.7.4. This security issue allows users with higher privileges to inject malicious code that executes in other users' browsers, potentially leading to information theft and unauthorized actions (Rancher Advisory).

The vulnerability is classified as an Improper Neutralization of Input During Web Page Generation (Cross-site Scripting) issue. It has received a CVSS v3.1 base score of 8.4 HIGH with the vector string CVSS:3.1/AV:N/AC:L/PR:H/UI:R/S:C/C:H/I:H/A:H. The affected areas include the Projects/Namespaces and Auth Provider sections of the Rancher UI. Exploitation requires authentication and write access to specific features (Rancher Advisory).

The vulnerability allows attackers to execute code in administrators' browsers, potentially leading to theft of sensitive information, web content manipulation, and unauthorized actions. An attacker with write access could act on behalf of an administrator once the administrator opens the affected web page. This could potentially compromise API Keys, Kubeconfig tokens, and credentials stored as secrets in Rancher and downstream clusters (Rancher Advisory).

The vulnerability has been patched in Rancher versions 2.6.13, 2.7.4, and later releases. There are no direct mitigations besides updating to a patched version. For potentially compromised systems, it is recommended to rotate all API Keys and Kubeconfig tokens, review logs, and potentially rotate credentials stored as secrets in Rancher and downstream clusters (Rancher Advisory).

The vulnerability was responsibly disclosed by bybit-sec to the SUSE Rancher Security team. SUSE has publicly acknowledged the issue and released patches to address the vulnerability (SUSE Bug).