CyberSec.Space Logo
CVEブラウザに戻る

CVE-2021-36782

CRITICAL
9.9
CVSS Severity Score
EPSS Score0.1320%
EPSS Percentile21.45th
Published2022年9月7日
Last Modified2024年11月21日

Vulnerability Description

A Cleartext Storage of Sensitive Information vulnerability in SUSE Rancher allows authenticated Cluster Owners, Cluster Members, Project Owners, Project Members and User Base to use the Kubernetes API to retrieve plaintext version of sensitive data. This issue affects: SUSE Rancher Rancher versions prior to 2.5.16; Rancher versions prior to 2.6.7.

Affected Platforms (CPE)

📦
Suse

Rancher

>= 2.5.0 and < 2.5.16
📦
Suse

Rancher

>= 2.6.0 and < 2.6.7

References & Advisories

🔗 https://bugzilla.suse.com/show_bug.cgi?id=1193988
🔗 https://github.com/rancher/rancher/security/advisories/GHSA-g7j7-h4q8-8w2f
🔗 https://bugzilla.suse.com/show_bug.cgi?id=1193988
🔗 https://github.com/rancher/rancher/security/advisories/GHSA-g7j7-h4q8-8w2f

関連する脆弱性情報

CVE-2021-253209.9

A Improper Access Control vulnerability in Rancher, allows users in the cluster to make request to cloud providers by creating req...

CVE-2021-367839.9

A Insufficiently Protected Credentials vulnerability in SUSE Rancher allows authenticated Cluster Owners, Cluster Members, Project...

CVE-2019-112029.8

An issue was discovered that affects the following versions of Rancher: v2.0.0 through v2.0.13, v2.1.0 through v2.1.8, and v2.2.0 ...

CVE-2019-122748.8

In Rancher 1 and 2 through 2.2.3, unprivileged users (if allowed to deploy nodes) can gain admin access to the Rancher management ...