CVE-2022-43755— Rancher: Non-random authentication token

CVSS 7.1 · High EPSS 0.34% · P56 Updated Mar 25, 2025

Get alerts for future matching vulnerabilitiesLog in to subscribe

I. Basic Information for CVE-2022-43755

Vulnerability Information

Have questions about the vulnerability? See if Shenlong's analysis helps!

Although we use advanced large model technology, its output may still contain inaccurate or outdated information.Shenlong tries to ensure data accuracy, but please verify and judge based on the actual situation.

Vulnerability Title

Rancher: Non-random authentication token

Source: NVD (National Vulnerability Database)

Vulnerability Description

A Insufficient Entropy vulnerability in SUSE Rancher allows attackers that gained knowledge of the cattle-token to continue abusing this even after the token was renewed. This issue affects: SUSE Rancher Rancher versions prior to 2.6.10; Rancher versions prior to 2.7.1.

Source: NVD (National Vulnerability Database)

CVSS Information

CVSS:3.1/AV:N/AC:H/PR:L/UI:N/S:U/C:H/I:L/A:H

Source: NVD (National Vulnerability Database)

Vulnerability Type

信息熵不充分

Source: NVD (National Vulnerability Database)

Vulnerability Title

Rancher 安全特征问题漏洞

Source: CNNVD (China National Vulnerability Database)

Vulnerability Description

Rancher Labs Rancher是美国Rancher Labs公司的一套开源的企业级容器管理平台。 SUSE Rancher存在安全特征问题漏洞，该漏洞源于存在熵不足漏洞，即使在更新令牌后也允许获得cattle-token知识的攻击者继续滥用此漏洞。

Source: CNNVD (China National Vulnerability Database)

CVSS Information

N/A

Source: CNNVD (China National Vulnerability Database)

Vulnerability Type

N/A

Source: CNNVD (China National Vulnerability Database)

Affected Products

Vendor	Product	Affected Versions	CPE	Subscribe
SUSE	Rancher	Rancher ~ 2.6.10	-

II. Public POCs for CVE-2022-43755

#	POC Description	Source Link	Shenlong Link

AI-Generated POCPremium

No public POC found.

III. Intelligence Information for CVE-2022-43755

请登录查看更多情报信息。

Same Patch Batch · SUSE · 2023-02-07 · 9 CVEs total

CVE-2022-43757	9.9 CRITICAL	Rancher: Exposure of sensitive fields
CVE-2022-31254	7.8 HIGH	rmt-server-pubcloud allows to escalate from user _rmt to root
CVE-2022-43758	7.6 HIGH	Rancher: Command injection in Git package
CVE-2022-31249	7.5 HIGH	[RANCHER] OS command injection in Rancher and Fleet
CVE-2022-21953	7.4 HIGH	Authenticated user can gain unauthorized shell pod and kubectl access in the local cluster
CVE-2022-43759	7.2 HIGH	Rancher: Privilege escalation via promoted roles
CVE-2023-22643	6.3 MEDIUM	libzypp-plugin-appdata: potential arbitrary code execution via shell injection due to `os.
CVE-2022-43756	5.9 MEDIUM	Rancher/Wrangler: Denial of service when processing Git credentials

IV. Related Vulnerabilities

Same product: Rancher

Same vendor: SUSE

Same weakness: CWE-331

V. Comments for CVE-2022-43755

No comments yet

Goal Reached Thanks to every supporter — we hit 100%!

CVE-2022-43755— Rancher: Non-random authentication token

I. Basic Information for CVE-2022-43755

Vulnerability Information

Vulnerability Title

Vulnerability Description

CVSS Information

Vulnerability Type

Vulnerability Title

Vulnerability Description

CVSS Information

Vulnerability Type

Affected Products

II. Public POCs for CVE-2022-43755

III. Intelligence Information for CVE-2022-43755

Same Patch Batch · SUSE · 2023-02-07 · 9 CVEs total

IV. Related Vulnerabilities

V. Comments for CVE-2022-43755

Leave a comment