Lucene search

Exposure of repository credentials to external third-party sources in Rancher

🗓️ 02 May 2022 19:34:33Reported by GitHub Advisory DatabaseType

Exposure of repository credentials to external third-party sources in Rancher. Issue affects versions 2.5.0 to 2.5.11 and 2.6.0 to 2.6.2. Patched in versions 2.5.12, 2.6.3 and later

Reporter	Title	Published	Views	Family All 8
Cvelist	CVE-2021-36778 Exposure of repository credentials to external third-party sources	2 May 202207:05	–	cvelist
NVD	CVE-2021-36778	2 May 202212:16	–	nvd
CNVD	Rancher Labs Rancher Information Disclosure Vulnerability	7 May 202200:00	–	cnvd
OSV	Exposure of repository credentials to external third-party sources in Rancher	2 May 202219:33	–	osv
OSV	CVE-2021-36778	2 May 202212:16	–	osv
CVE	CVE-2021-36778	2 May 202212:16	–	cve
Veracode	Information Exposure	4 May 202218:36	–	veracode
Prion	Authorization	2 May 202212:16	–	prion

Vulners

Node

rancher rancherRange2.5.0–2.5.12

rancher rancherRange2.6.0–2.6.3

Source	Link
github	www.github.com/rancher/rancher/security/advisories/GHSA-4fc7-hc63-7fjg
nvd	www.nvd.nist.gov/vuln/detail/CVE-2021-36778
bugzilla	www.bugzilla.suse.com/show_bug.cgi
github	www.github.com/advisories/GHSA-4fc7-hc63-7fjg

Transform Your Security Services

Elevate your offerings with Vulners' advanced Vulnerability Intelligence. Contact us for a demo and discover the difference comprehensive, actionable intelligence can make in your security strategy.

Book a live demo

02 May 2022 19:33Current

7.3High risk

Vulners AI Score7.3

CVSS25

CVSS37.3 - 7.5

EPSS0.00168

repository credentials exposure rancher same-origin policy patched versions private repository helm charts security advisory