
CVE-2019-11202

CRITICAL
CVSS Severity Score: 9.8
EPSS Score: 0.1950%
EPSS Percentile: 4.68th
Published: July 30, 2019
Last Modified: November 21, 2024

Vulnerability Description

An issue was discovered that affects the following versions of Rancher: v2.0.0 through v2.0.13, v2.1.0 through v2.1.8, and v2.2.0 through 2.2.1. When Rancher starts for the first time, it creates a default admin user with a well-known password. After initial setup, the Rancher administrator may choose to delete this default admin user. If Rancher is restarted, the default admin user will be recreated with the well-known default password. An attacker could exploit this by logging in with the default admin credentials. This can be mitigated by deactivating the default admin user rather than completely deleting them.

Affected Platforms (CPE)

Suse Rancher: >= 2.0.0 and <= 2.0.13
Suse Rancher: >= 2.1.0 and <= 2.1.8
Suse Rancher: >= 2.2.0 and <= 2.2.1

References & Advisories
