HIGH🇵🇱 Wersja polska

CVE-2021-31999

CVSS 8.8v3.1pub. 2021-07-15upd. 2024-11-21

A Reliance on Untrusted Inputs in a Security Decision vulnerability in Rancher allows users in the cluster to act as others users in the cluster by forging the "Impersonate-User" or "Impersonate-Group" headers. This issue affects: Rancher versions prior to 2.5.9. Rancher versions prior to 2.4.16.

CVSS Vector
CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H
  • Rancher

    APP
    Rancher
    < 2.4.162.5.0 – 2.5.9 (bez)
🔵
CHECK WITH VENDOR
No clear patch data available. Check vendor references.
CWE
References

Related vulnerabilities

CVE-2021-25320CRITICAL9.9ten sam produkt

A Improper Access Control vulnerability in Rancher, allows users in the cluster to make request to cloud provi...

CVE-2021-36775HIGH8.8ten sam produkt

a Improper Access Control vulnerability in SUSE Rancher allows users to keep privileges that should have been ...

CVE-2021-36776HIGH8.8ten sam produkt

A Improper Access Control vulnerability in SUSE Rancher allows remote attackers impersonate arbitrary users. T...

CVE-2021-25318HIGH8.8ten sam produkt

A Incorrect Permission Assignment for Critical Resource vulnerability in Rancher allows users in the cluster t...