A vulnerability has been identified which may lead to sensitive data being leaked into Rancher’s audit logs. Rancher Audit Logging is an opt-in feature, only deployments that have it enabled and have AUDIT_LEVEL set to 1 or above
are impacted by this issue.
The leaks might be caught in the audit logs upon these actions:
The affected data may include the following:
Field | Location |
---|---|
X-Api-Auth-Header | Request header |
X-Api-Set-Cookie-Header | Response header |
X-Amz-Security-Token | Request header |
credentials | Request body |
applicationSecret | Request Body |
oauthCredential | Request Body |
serviceAccountCredential | Request Body |
spKey | Request Body |
spCert | Request body |
spCert | Response body |
certificate | Request body |
privateKey | Request body |
Secret
objects (including sub-types, such as kubernetes.io/dockerconfigjson
).register ... --token abc
).Kubeconfig
contents when the ‘Download KubeConfig’ feature is used in the Rancher UI.The patched versions will redact the sensitive data, replacing it with [redacted]
, making it safer for consumption. It is recommended that static secrets are rotated after the system is patched, to limit the potential impact of sensitive data being misused due to this vulnerability.
Note:
Patched versions include releases 2.6.14
, 2.7.10
and 2.8.2
.
If AUDIT_LEVEL
1 or above
is required and you cannot update to a patched Rancher version, ensure that the log is handled appropriately and it is not shared with other users or shipped into a log ingestion solution without the appropriate RBAC enforcement. Otherwise, disabling the Audit feature or decreasing it to the audit level 0
, mitigates the issue.
If you have any questions or comments about this advisory: