CyberSec.Space Logo
返回 CVE 浏览器

CVE-2021-36783

CRITICAL
9.9
CVSS Severity Score
EPSS Score0.1100%
EPSS Percentile18.07th
Published2022年9月7日
Last Modified2024年11月21日

Vulnerability Description

A Insufficiently Protected Credentials vulnerability in SUSE Rancher allows authenticated Cluster Owners, Cluster Members, Project Owners and Project Members to read credentials, passwords and API tokens that have been stored in cleartext and exposed via API endpoints. This issue affects: SUSE Rancher Rancher versions prior to 2.6.4; Rancher versions prior to 2.5.13.

Affected Platforms (CPE)

📦
Suse

Rancher

>= 2.5.0 and < 2.5.13
📦
Suse

Rancher

>= 2.6.0 and < 2.6.4

References & Advisories

🔗 https://bugzilla.suse.com/show_bug.cgi?id=1193990
🔗 https://github.com/rancher/rancher/security/advisories/GHSA-8w87-58w6-hfv8
🔗 https://bugzilla.suse.com/show_bug.cgi?id=1193990
🔗 https://github.com/rancher/rancher/security/advisories/GHSA-8w87-58w6-hfv8

相关漏洞威胁

CVE-2021-253209.9

A Improper Access Control vulnerability in Rancher, allows users in the cluster to make request to cloud providers by creating req...

CVE-2021-367829.9

A Cleartext Storage of Sensitive Information vulnerability in SUSE Rancher allows authenticated Cluster Owners, Cluster Members, P...

CVE-2019-112029.8

An issue was discovered that affects the following versions of Rancher: v2.0.0 through v2.0.13, v2.1.0 through v2.1.8, and v2.2.0 ...

CVE-2019-122748.8

In Rancher 1 and 2 through 2.2.3, unprivileged users (if allowed to deploy nodes) can gain admin access to the Rancher management ...