CyberSec.Space Logo
Back to CVE Browser

CVE-2021-36783

CRITICAL
9.9
CVSS Severity Score
EPSS Score0.1100%
EPSS Percentile18.07th
PublishedSep 7, 2022
Last ModifiedNov 21, 2024

Vulnerability Description

A Insufficiently Protected Credentials vulnerability in SUSE Rancher allows authenticated Cluster Owners, Cluster Members, Project Owners and Project Members to read credentials, passwords and API tokens that have been stored in cleartext and exposed via API endpoints. This issue affects: SUSE Rancher Rancher versions prior to 2.6.4; Rancher versions prior to 2.5.13.

Affected Platforms (CPE)

πŸ“¦
Suse

Rancher

>= 2.5.0 and < 2.5.13
πŸ“¦
Suse

Rancher

>= 2.6.0 and < 2.6.4

References & Advisories

πŸ”— https://bugzilla.suse.com/show_bug.cgi?id=1193990
πŸ”— https://github.com/rancher/rancher/security/advisories/GHSA-8w87-58w6-hfv8
πŸ”— https://bugzilla.suse.com/show_bug.cgi?id=1193990
πŸ”— https://github.com/rancher/rancher/security/advisories/GHSA-8w87-58w6-hfv8

Related Vulnerabilities

CVE-2021-253209.9

A Improper Access Control vulnerability in Rancher, allows users in the cluster to make request to cloud providers by creating req...

CVE-2021-367829.9

A Cleartext Storage of Sensitive Information vulnerability in SUSE Rancher allows authenticated Cluster Owners, Cluster Members, P...

CVE-2019-112029.8

An issue was discovered that affects the following versions of Rancher: v2.0.0 through v2.0.13, v2.1.0 through v2.1.8, and v2.2.0 ...

CVE-2019-122748.8

In Rancher 1 and 2 through 2.2.3, unprivileged users (if allowed to deploy nodes) can gain admin access to the Rancher management ...