Rancher: Failure to properly sanitize credentials in cluster template answers

CVE-2021-36783

9.9CRITICAL

Key Information

Vendor: Suse
Status: Rancher
Vendor: CVE Published:; 7 September 2022

Summary

A Insufficiently Protected Credentials vulnerability in SUSE Rancher allows authenticated Cluster Owners, Cluster Members, Project Owners and Project Members to read credentials, passwords and API tokens that have been stored in cleartext and exposed via API endpoints. This issue affects: SUSE Rancher Rancher versions prior to 2.6.4; Rancher versions prior to 2.5.13.

Affected Version(s)

Rancher < 2.6.4

Rancher < 2.5.13

CVSS V3.1

Score:

9.9

Severity:

CRITICAL

Confidentiality:

High

Integrity:

High

Availability:

High

Attack Vector:

Network

Attack Complexity:

Low

Privileges Required:

Low

User Interaction:

None

Scope:

Changed

Timeline

Vulnerability published.
Sep 7, 2022
Vulnerability Reserved.
Jul 19, 2021

Collectors

NVD DatabaseMitre Database