CVE-2022-45157

HIGH Year: 2022
CVSS v3 Score
9.1
Critical
Weakness Type
CWE-522
View all →

Vulnerability Description

A vulnerability has been identified in the way that Rancher stores vSphere's CPI (Cloud Provider Interface) and CSI (Container Storage Interface) credentials used to deploy clusters through the vSphere cloud provider. This issue leads to the vSphere CPI and CSI passwords being stored in a plaintext object inside Rancher. This vulnerability is only applicable to users that deploy clusters in vSphere environments.

Related Vulnerabilities

CVE-2021-20597

CRITICAL
CVSS:9.1(Critical)

Insufficiently Protected Credentials vulnerability in Mitsubishi Electric MELSEC iQ-R series Safety CPU modules R08/16/32/120SFCPU firmware versions "26" and prior and Mitsubishi Electric MELSEC iQ-R ...

CWE-5222021

CVE-2022-43969

CRITICAL
CVSS:9.1(Critical)

Ricoh mp_c4504ex devices with firmware 1.06 mishandle credentials.

CWE-5222022

CVE-2024-40583

CRITICAL
CVSS:9.1(Critical)

Pentaminds CuroVMS v2.0.1 was discovered to contain exposed credentials.

CWE-5222024

CVE-2025-25650

CRITICAL
CVSS:9.1(Critical)

An issue in the storage of NFC card data in Dorset DG 201 Digital Lock H5_433WBSK_v2.2_220605 allows attackers to produce cloned NFC cards to bypass authentication.

CWE-5222025

CVE-2025-26492

CRITICAL
CVSS:9.1(Critical)

In JetBrains TeamCity before 2024.12.2 improper Kubernetes connection settings could expose sensitive resources

CWE-5222025

CVE-2016-9593

HIGH
CVSS:8.8(High)

foreman-debug before version 1.15.0 is vulnerable to a flaw in foreman-debug's logging. An attacker with access to the foreman log file would be able to view passwords, allowing them to access those s...

CWE-5222016