CRITICAL🇬🇧 English

CVE-2021-36782

CVSS 9.9v3.1pub. 2022-09-07upd. 2024-11-21

A Cleartext Storage of Sensitive Information vulnerability in SUSE Rancher allows authenticated Cluster Owners, Cluster Members, Project Owners, Project Members and User Base to use the Kubernetes API to retrieve plaintext version of sensitive data. This issue affects: SUSE Rancher Rancher versions prior to 2.5.16; Rancher versions prior to 2.6.7.

oryginał EN
CVSS Vector
CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:C/C:H/I:H/A:H
  • SUSE Rancher

    APP
    Suse
    2.5.0 – 2.5.16 (bez)2.6.0 – 2.6.7 (bez)
🔵
ZWERYFIKUJ U PRODUCENTA
Brak jednoznacznych danych o patchu. Sprawdź referencje od producenta.
Tagi
Container
CWE
Referencje

Powiązane podatności

CVE-2026-44946CRITICAL9.5ten sam produkt

A SAML authentication replay vulnerability in Rancher's Assertion Consumer Service (ACS) handler did not enfo...

CVE-2026-41052CRITICAL9.4PL ✓ten sam produkt

Eskalacja uprawnień dla roli Project Owner w Rancher (LPE)

CVE-2023-22647CRITICAL9.9ten sam produkt

An Improper Privilege Management vulnerability in SUSE Rancher allowed standard users to leverage their existi...

CVE-2023-22651CRITICAL9.9ten sam produkt

Improper Privilege Management vulnerability in SUSE Rancher allows Privilege Escalation. A failure in the upda...

CVE-2022-43757CRITICAL9.9ten sam produkt

A Cleartext Storage of Sensitive Information vulnerability in SUSE Rancher allows users on managed clusters to...