Lucene search
GoogleOSV:GO-2024-2930HistoryJul 01, 2024 - 7:59 p.m.
RKE credentials are stored in the RKE1 Cluster state ConfigMap in github.com/rancher/rke
2024-07-0119:59:12
Google
osv.dev
2
rke
credentials
cluster state
configmap
github.com/rancher/rke
provision
kube-system namespace
sensitive data
k8s cluster
6.6 Medium
AI Score
Confidence
High
When RKE provisions a cluster, it stores the cluster state in a configmap called “full-cluster-state” inside the “kube-system” namespace of the cluster itself. This cluster state object contains information used to set up the K8s cluster, which may include sensitive data.
| CPE | Name | Operator | Version |
|---|---|---|---|
| github.com/rancher/rke | lt | 1.4.19 | |
| github.com/rancher/rke | lt | 1.5.10 | |
| github.com/rancher/rke | ge | 1.4.18 | |
| github.com/rancher/rke | ge | 1.5.9 |
Related
veracode
veracode
Sensitive Information Disclosure
2024-06-18 08:10:00
github
github
rke's credentials are stored in the RKE1 Cluster state ConfigMap
2024-06-17 22:30:48
osv
osv
rke's credentials are stored in the RKE1 Cluster state ConfigMap
2024-06-17 22:30:48