Lucene search

K
githubGitHub Advisory DatabaseGHSA-GVH9-XGRQ-R8HW
HistoryApr 24, 2024 - 9:01 p.m.

Rancher's Steve API Component Improper authorization check allows privilege escalation

2024-04-2421:01:53
CWE-284
GitHub Advisory Database
github.com
7
rancher
steve api
improper authorization
privilege escalation
patched versions
cluster
kubernetes api
authentication
security advisory

6.8 Medium

AI Score

Confidence

High

0.002 Low

EPSS

Percentile

60.7%

Impact

A flaw discovered in Rancher versions from 2.5.0 up to and including 2.5.9 allows an authenticated user to impersonate any user on a cluster through the Steve API proxy, without requiring knowledge of the impersonated user’s credentials. This is due to the Steve API proxy not dropping the impersonation header before sending the request to the Kubernetes API. A malicious user with authenticated access to Rancher could use this to impersonate another user with administrator access in Rancher, receiving, then, administrator level access in the cluster.

Patches

Patched versions include releases 2.5.10, 2.6.0 and later versions.

Workarounds

Limit access in Rancher to trusted users. There is not a direct mitigation besides upgrading to the patched Rancher versions.

For more information

If you have any questions or comments about this advisory:

CPENameOperatorVersion
github.com/rancher/rancherle2.5.9

6.8 Medium

AI Score

Confidence

High

0.002 Low

EPSS

Percentile

60.7%

Related for GHSA-GVH9-XGRQ-R8HW