5.9

CVSS Score

3.1

-

CVSS Score

Basic Information

Concerned about an active attack path?

Talk to our security experts and see Miggo in action.

Miggo Vulnerability Database

→

CVE-2022-43756

CVE-2022-43756: Denial of service (DoS) when processing Git credentials

Impact

A denial of services (DoS) vulnerability was discovered in Wrangler Git package affecting versions up to and including v1.0.0.

Specially crafted Git credentials can result in a denial of service (DoS) attack on an application that uses Wrangler due to the exhaustion of the available memory and CPU resources. This is caused by a lack of input validation of Git credentials before they are used, which may lead to a denial of service in some cases. This issue can be triggered when accessing both private and public Git repositories.

Workarounds

A workaround is to sanitize input passed to the Git package to remove potential unsafe and ambiguous characters. Otherwise, the best course of action is to update to a patched Wrangler version.

Patches

Patched versions include v1.0.1 and later and the backported tags - v0.7.4-security1, v0.8.5-security1 and v0.8.11.

For more information

If you have any questions or comments about this advisory:

Reach out to SUSE Rancher Security team for security related inquiries.
Open an issue in Rancher or Wrangler repository.
Verify our support matrix and product support lifecycle.

(GitHub Advisory)

Miggo Vulnerability Database

→

CVE-2022-43756

CVE-2022-43756:

5.9

CVSS Score

3.1

-

CVSS Score

Basic Information

Technical Details

Package Name	Ecosystem	Vulnerable Versions	First Patched Version
github.com/rancher/wrangler	go	<= 0.7.3	0.7.4-security1
github.com/rancher/wrangler	go	>= 0.8.0, <= 0.8.4	0.8.5-security1
github.com/rancher/wrangler	go	= 1.0.0	1.0.1
github.com/rancher/wrangler	go	>= 0.8.6, < 0.8.11	0.8.11

Technical Details

Vulnerability Intelligence
Miggo AI

Root Cause Analysis

The vulnerability stems from improper neutralization of special elements in git commands. The patch adds '--' argument separators and proper parameter formatting in multiple functions (Clone, LsRemote, fetchAndReset, reset), and fixes shell quoting in gitCmd. The affected functions directly process user-controlled inputs (branch names, URLs, passwords) without proper validation, enabling command/argument injection. The Go vulnerability report (GO-2023-1515) explicitly lists Clone, LsRemote and related functions as affected symbols. The commit diff shows critical security fixes in these specific functions, confirming their vulnerability to injection attacks.

Vulnerable functions

Only Mi**o us*rs **n s** t*is s**tion

WAF Protection Rules

WAF Rule

W** rul*s *v*il**l* *or Mi**o *ustom*rs only.W** rul*s *v*il**l* *or Mi**o *ustom*rs only.W** rul*s *v*il**l* *or Mi**o *ustom*rs only.W** rul*s *v*il**l* *or Mi**o *ustom*rs only.W** rul*s *v*il**l* *or Mi**o *ustom*rs only.W** rul*s *v*il**l* *or Mi**o *ustom*rs only.W** rul*s *v*il**l* *or Mi**o *ustom*rs only.W** rul*s *v*il**l* *or Mi**o *ustom*rs only.W** rul*s *v*il**l* *or Mi**o *ustom*rs only.W** rul*s *v*il**l* *or Mi**o *ustom*rs only.

Reasoning

*v*il**l* *or Mi**o *ustom*rs only.*v*il**l* *or Mi**o *ustom*rs only.*v*il**l* *or Mi**o *ustom*rs only.*v*il**l* *or Mi**o *ustom*rs only.*v*il**l* *or Mi**o *ustom*rs only.*v*il**l* *or Mi**o *ustom*rs only.*v*il**l* *or Mi**o *ustom*rs only.*v*il**l* *or Mi**o *ustom*rs only.*v*il**l* *or Mi**o *ustom*rs only.*v*il**l* *or Mi**o *ustom*rs only.

5.9

-

Basic Information

Basic Information

Concerned about an active attack path?

CVE-2022-43756: Denial of service (DoS) when processing Git credentials

Impact

Workarounds

Patches

For more information

CVE-2022-43756:

5.9

-

Basic Information

Basic Information

Technical Details

Technical Details

Vulnerability IntelligenceMiggo AI

Root Cause Analysis

Vulnerable functions

WAF Protection Rules

WAF Rule

Reasoning

Vulnerability IntelligenceMiggo AI

CVE-2022-43756: Denial of service (DoS) when processing Git credentials

Impact

Workarounds

Patches

For more information

Basic Information

Basic Information

5.9

5.9

Vulnerability IntelligenceMiggo AI

Root Cause Analysis

Vulnerable functions

WAF Protection Rules

WAF Rule

Reasoning

Technical Details

Vulnerability Intelligence
Miggo AI

Vulnerability Intelligence
Miggo AI

Vulnerability Intelligence
Miggo AI