A Reliance on Untrusted Inputs in a Security Decision vulnerability in Rancher allows users in the cluster to act as others users in the cluster by forging the "Impersonate-User" or "Impersonate-Group" headers. This issue affects: Rancher versions prior to 2.5.9. Rancher versions prior to 2.4.16.
CVSS Vector
CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:HRancher
APPRancher< 2.4.162.5.0 – 2.5.9 (bez)
🔵
CHECK WITH VENDOR
No clear patch data available. Check vendor references.
CWE
Related vulnerabilities
CVE-2021-25320CRITICAL9.9ten sam produkt
A Improper Access Control vulnerability in Rancher, allows users in the cluster to make request to cloud provi...
CVE-2021-36775HIGH8.8ten sam produkt
a Improper Access Control vulnerability in SUSE Rancher allows users to keep privileges that should have been ...
CVE-2021-36776HIGH8.8ten sam produkt
A Improper Access Control vulnerability in SUSE Rancher allows remote attackers impersonate arbitrary users. T...
CVE-2021-25318HIGH8.8ten sam produkt
A Incorrect Permission Assignment for Critical Resource vulnerability in Rancher allows users in the cluster t...