← Back to CVEs
CVE-2021-36782
CRITICAL9.9
Description
A Cleartext Storage of Sensitive Information vulnerability in SUSE Rancher allows authenticated Cluster Owners, Cluster Members, Project Owners, Project Members and User Base to use the Kubernetes API to retrieve plaintext version of sensitive data. This issue affects: SUSE Rancher Rancher versions prior to 2.5.16; Rancher versions prior to 2.6.7.
CVE Details
CVSS v3.1 Score9.9
SeverityCRITICAL
CVSS VectorCVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:C/C:H/I:H/A:H
Attack VectorNETWORK
ComplexityLOW
Privileges RequiredLOW
User InteractionNONE
Published9/7/2022
Last Modified11/21/2024
Sourcenvd
Honeypot Sightings0
Affected Products
suse:rancher
Weaknesses (CWE)
CWE-312
References
https://bugzilla.suse.com/show_bug.cgi?id=1193988(meissner@suse.de)
https://bugzilla.suse.com/show_bug.cgi?id=1193988(af854a3a-2127-422b-91ae-364da2661108)
https://github.com/rancher/rancher/security/advisories/GHSA-g7j7-h4q8-8w2f(af854a3a-2127-422b-91ae-364da2661108)
IOC Correlations
No correlations recorded
This product uses data from the NVD API but is not endorsed or certified by the NVD.