CVE-2023-22649
Rancher 'Audit Log' leaks sensitive information
In short
Rancher's audit logging feature can unintentionally record sensitive information like passwords and tokens in its logs. This happens only if audit logging is enabled and set to capture detailed activity, putting systems at risk if logs are accessed by unauthorized users.
Technical detail
Rancher audit logs (when AUDIT_LEVEL ≥ 1) fail to sanitize sensitive data such as credentials and authentication tokens, resulting in information disclosure (CWE-532). The vulnerability affects deployments with audit logging explicitly enabled; an attacker with access to audit log files can retrieve exposed credentials used in API requests.
Summary generated and translated by AI from the official description.
A vulnerability has been identified which may lead to sensitive data being leaked into Rancher's audit logs. [Rancher Audit Logging](https://ranchermanager.docs.rancher.com/how-to-guides/advanced-user-guides/enable-api-audit-log) is an opt-in feature; only deployments that have it enabled and have [AUDIT_LEVEL](https://ranchermanager.docs.rancher.com/how-to-guides/advanced-user-guides/enable-api-audit-log#audit-log-levels) set to `1 or above` are impacted by this issue.
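As an added example (not code from this advisory or from Rancher), a small Python scrubber that scans JSON-per-line audit entries for the kind of leaked credentials and tokens described above and redacts them before the logs are retained or shipped; the sensitive key list, the token pattern and the sample entries' field layout are assumptions.

```python
import json
import re
from typing import Any, Iterable, List, Tuple

# Keys treated as secrets wherever they appear (assumption: the example's own list).
SENSITIVE_KEYS = {"password", "currentpassword", "newpassword", "token",
                  "authorization", "cookie", "set-cookie", "secret"}
# Assumption: Rancher API tokens have the shape "token-xxxxx:<secret>".
TOKEN_RE = re.compile(r"token-[a-z0-9]{5}:[a-z0-9]+")
REDACTED = "[REDACTED]"

def scrub(node: Any, hits: List[str], path: str = "") -> Any:
    """Copy node with secrets replaced; record the JSON path of each hit."""
    if isinstance(node, dict):
        out = {}
        for key, val in node.items():
            sub = f"{path}.{key}" if path else key
            if key.lower() in SENSITIVE_KEYS and val not in (None, "", [], {}):
                hits.append(sub)          # whole value goes, key is kept
                out[key] = REDACTED
            else:
                out[key] = scrub(val, hits, sub)
        return out
    if isinstance(node, list):
        return [scrub(v, hits, f"{path}[{i}]") for i, v in enumerate(node)]
    if isinstance(node, str) and TOKEN_RE.search(node):
        hits.append(path)                 # token leaked under a harmless key
        return TOKEN_RE.sub(REDACTED, node)
    return node

def scan_log(lines: Iterable[str]) -> List[Tuple[str, dict, List[str]]]:
    """Parse one JSON entry per line; return (auditID, scrubbed entry, hits)."""
    results = []
    for raw in lines:
        entry = json.loads(raw)
        hits: List[str] = []
        clean = scrub(entry, hits)
        results.append((entry.get("auditID", "?"), clean, hits))
    return results

# Constructed sample entries, not real logs; the field layout is an assumption.
SAMPLE_LOG = [
    json.dumps({"auditID": "a1", "method": "POST",
                "requestURI": "/v3-public/localProviders/local?action=login",
                "requestBody": {"username": "admin", "password": "hunter2"}}),
    json.dumps({"auditID": "a2", "method": "GET", "requestURI": "/v3/tokens",
                "requestHeader": {"Authorization": ["Bearer token-abcde:0123456789abcdef"]},
                "responseBody": {"name": "ci", "value": "token-abcde:0123456789abcdef"}}),
]
```

A non-empty hit list on an existing log is the signal that credentials have already reached disk, so rotate them rather than only redacting the file.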
CVSS:4.0/AV:N/AC:L/AT:N/PR:H/UI:P/VC:H/VI:N/VA:N/SC:H/SI:H/SA:H
Affected products
SUSE · rancher