Base Score

HIGH8.3

CVE-2023-32192

A vulnerability has been identified in which unauthenticated cross-site scripting (XSS) in the API Server's public API endpoint can be exploited, allowing an attacker to execute arbitrary JavaScript code in the victim browser

VectorNETWORK

Published Bymeissner@suse.de

Published DateOct 16, 2024, 13:15

Affected Versions(1)

github.com/rancher/apiserver(Go)

Introduced0

Fixed0.0.0-20240207153957-4fd7d821d952

LimitN/A

Package (Ecosystem)	Introduced	Fixed	Limit
github.com/rancher/apiserver(Go)	0	0.0.0-20240207153957-4fd7d821d952	N/A

Weakness Type (CWE):CWE-80

CVSS Metrics

Base Score

8.3

Vector String

CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:L

Base Severity

HIGH

Version

3.1

Attack Vector (AV)

NETWORK

Attack Complexity (AC)

LOW

Privileges Required (PR)

NONE

User Interaction (UI)

REQUIRED

Scope (S)

UNCHANGED

Confidentiality (C)

HIGH

Integrity (I)

HIGH

Availability (A)

LOW

References

Base Score

HIGH8.3

Weakness Type (CWE):CWE-80

CVSS Metrics

Base Score

8.3

Vector String

CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:L

Base Severity

HIGH

Version

3.1

Attack Vector (AV)

NETWORK

Attack Complexity (AC)

LOW

Privileges Required (PR)

NONE

User Interaction (UI)

REQUIRED

Scope (S)

UNCHANGED

Confidentiality (C)

HIGH

Integrity (I)

HIGH

Availability (A)

LOW