
CVE-2021-25320

CVSS Severity Score: 9.9 (CRITICAL)
EPSS Score: 0.0450%
EPSS Percentile: 28.09th
Published: Jul 15, 2021
Last Modified: Nov 21, 2024

Vulnerability Description

An Improper Access Control vulnerability in Rancher allows users in the cluster to make requests to cloud providers by creating requests with the cloud-credential ID. Rancher in this case would attach the requested credentials without further checks. This issue affects: Rancher versions prior to 2.5.9; Rancher versions prior to 2.4.16.

Affected Platforms (CPE)

Rancher Rancher: < 2.4.16
Rancher Rancher: >= 2.5.0 and < 2.5.9

References & Advisories

Related Vulnerabilities