6.5 Medium
CVSS2
Attack Vector
NETWORK
Attack Complexity
LOW
Authentication
SINGLE
Confidentiality Impact
PARTIAL
Integrity Impact
PARTIAL
Availability Impact
PARTIAL
AV:N/AC:L/Au:S/C:P/I:P/A:P
8.8 High
CVSS3
Attack Vector
NETWORK
Attack Complexity
LOW
Privileges Required
LOW
User Interaction
NONE
Scope
UNCHANGED
Confidentiality Impact
HIGH
Integrity Impact
HIGH
Availability Impact
HIGH
CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H
7 High
AI Score
Confidence
Low
0.001 Low
EPSS
Percentile
37.0%
A vulnerability was discovered in Rancher versions 2.0 through the aforementioned fixed versions, where users were granted access to resources regardless of the resource’s API group. For example Rancher should have allowed users access to apps.catalog.cattle.io
, but instead incorrectly gave access to apps.*
. Resource affected include:
Downstream clusters:
apiservices
clusters
clusterrepos
persistentvolumes
storageclasses
Rancher management cluster
apprevisions
apps
catalogtemplates
catalogtemplateversions
clusteralertgroups
clusteralertrules
clustercatalogs
clusterloggings
clustermonitorgraphs
clusterregistrationtokens
clusterroletemplatebindings
clusterscans
etcdbackups
nodepools
nodes
notifiers
pipelineexecutions
pipelines
pipelinesettings
podsecuritypolicytemplateprojectbindings
projectalertgroups
projectalertrules
projectcatalogs
projectloggings
projectmonitorgraphs
projectroletemplatebindings
projects
secrets
sourcecodeproviderconfigs
There is not a direct mitigation besides upgrading to the patched Rancher versions.
CPE | Name | Operator | Version |
---|---|---|---|
github.com/rancher/rancher | lt | 2.5.9 | |
github.com/rancher/rancher | lt | 2.4.16 |
6.5 Medium
CVSS2
Attack Vector
NETWORK
Attack Complexity
LOW
Authentication
SINGLE
Confidentiality Impact
PARTIAL
Integrity Impact
PARTIAL
Availability Impact
PARTIAL
AV:N/AC:L/Au:S/C:P/I:P/A:P
8.8 High
CVSS3
Attack Vector
NETWORK
Attack Complexity
LOW
Privileges Required
LOW
User Interaction
NONE
Scope
UNCHANGED
Confidentiality Impact
HIGH
Integrity Impact
HIGH
Availability Impact
HIGH
CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H
7 High
AI Score
Confidence
Low
0.001 Low
EPSS
Percentile
37.0%