Impact
The vulnerability is a command injection flaw that occurs when Rancher Manager processes the /v3/import/{token}_{clusterId}.yaml endpoint. Unsanitized YAML parameters allow a remote attacker to break out of an image boundary and execute arbitrary commands, such as creating malicious containers. This is classified as a CWE-95 injection vulnerability and would give the attacker the ability to execute arbitrary commands within the container environment, potentially compromising the entire cluster and any workloads running on it.
Affected Systems
The affected product is Rancher Manager from SUSE, specifically any cluster version before 2.14.2. Users running Rancher Manager 2.14.1 or earlier are susceptible and should check the version they are running.
Risk and Exploitability
The CVSS score of 9.4 signals critical severity. The EPSS score of 1% indicates a low but non‑zero likelihood of exploitation, and the issue is not listed in CISA's KEV catalog. The likely attack vector involves a remote attacker sending a crafted YAML payload to the open import endpoint; no special privileges or network traversal are mentioned, implying that exposure of the endpoint alone may be sufficient to exploit the flaw. Once exploited, the attacker can execute arbitrary commands within the container environment, potentially compromising the entire cluster and any workloads running on it.
OpenCVE Enrichment
Github GHSA