CyberSec.Space Logo
Back to CVE Browser

CVE-2021-36782

CRITICAL
9.9
CVSS Severity Score
EPSS Score0.1320%
EPSS Percentile21.45th
PublishedSep 7, 2022
Last ModifiedNov 21, 2024

Vulnerability Description

A Cleartext Storage of Sensitive Information vulnerability in SUSE Rancher allows authenticated Cluster Owners, Cluster Members, Project Owners, Project Members and User Base to use the Kubernetes API to retrieve plaintext version of sensitive data. This issue affects: SUSE Rancher Rancher versions prior to 2.5.16; Rancher versions prior to 2.6.7.

Affected Platforms (CPE)

πŸ“¦
Suse

Rancher

>= 2.5.0 and < 2.5.16
πŸ“¦
Suse

Rancher

>= 2.6.0 and < 2.6.7

References & Advisories

πŸ”— https://bugzilla.suse.com/show_bug.cgi?id=1193988
πŸ”— https://github.com/rancher/rancher/security/advisories/GHSA-g7j7-h4q8-8w2f
πŸ”— https://bugzilla.suse.com/show_bug.cgi?id=1193988
πŸ”— https://github.com/rancher/rancher/security/advisories/GHSA-g7j7-h4q8-8w2f

Related Vulnerabilities

CVE-2021-253209.9

A Improper Access Control vulnerability in Rancher, allows users in the cluster to make request to cloud providers by creating req...

CVE-2021-367839.9

A Insufficiently Protected Credentials vulnerability in SUSE Rancher allows authenticated Cluster Owners, Cluster Members, Project...

CVE-2019-112029.8

An issue was discovered that affects the following versions of Rancher: v2.0.0 through v2.0.13, v2.1.0 through v2.1.8, and v2.2.0 ...

CVE-2019-122748.8

In Rancher 1 and 2 through 2.2.3, unprivileged users (if allowed to deploy nodes) can gain admin access to the Rancher management ...