CyberSec.Space Logo
CVEブラウザに戻る

CVE-2019-12274

HIGH
8.8
CVSS Severity Score
EPSS Score0.0440%
EPSS Percentile44.84th
Published2019年6月6日
Last Modified2024年11月21日

Vulnerability Description

In Rancher 1 and 2 through 2.2.3, unprivileged users (if allowed to deploy nodes) can gain admin access to the Rancher management plane because node driver options intentionally allow posting certain data to the cloud. The problem is that a user could choose to post a sensitive file such as /root/.kube/config or /var/lib/rancher/management-state/cred/kubeconfig-system.yaml.

Affected Platforms (CPE)

📦
Suse

Rancher

>= 1.0.0 and <= 1.6.28
📦
Suse

Rancher

>= 2.0.0 and <= 2.2.3

References & Advisories

🔗 https://forums.rancher.com/c/announcements
🔗 https://forums.rancher.com/t/rancher-release-v2-2-4-addresses-rancher-cve-2019-12274-and-cve-2019-12303/14466
🔗 https://forums.rancher.com/c/announcements
🔗 https://forums.rancher.com/t/rancher-release-v2-2-4-addresses-rancher-cve-2019-12274-and-cve-2019-12303/14466

関連する脆弱性情報

CVE-2021-367839.9

A Insufficiently Protected Credentials vulnerability in SUSE Rancher allows authenticated Cluster Owners, Cluster Members, Project...

CVE-2021-367829.9

A Cleartext Storage of Sensitive Information vulnerability in SUSE Rancher allows authenticated Cluster Owners, Cluster Members, P...

CVE-2021-253209.9

A Improper Access Control vulnerability in Rancher, allows users in the cluster to make request to cloud providers by creating req...

CVE-2019-112029.8

An issue was discovered that affects the following versions of Rancher: v2.0.0 through v2.0.13, v2.1.0 through v2.1.8, and v2.2.0 ...

CVE-2019-12274 Detail & Impact Analysis | CVSS 8.8 (HIGH) | Cyber-Sec.Space | Cyber-Sec.Space