7 matches found
EUVD-2022-3935
Malicious code in bioql PyPI...
The vulnerability of Kubernets Rancher cluster management software lies in the lack of access restrictions on protected information. This allows attackers to expose the protected data and gain administrative control over the Kubernetes cluster.
The vulnerability of Kubernets Rancher cluster management software is related to the lack of restrictions on access to protected information. Exploiting this vulnerability allows a malicious actor to disclose protected data and gain administrative control over the Kubernetes cluster...
GHSA-PVXJ-25M6-7VQR Rancher Privilege escalation vulnerability via malicious "Connection" header
A vulnerability was discovered in Rancher 2.0.0 through the aforementioned patched versions, where a malicious Rancher user could craft an API request directed at the proxy for the Kubernetes API of a managed cluster to gain access to information they do not have access to. This is done by passin...
The vulnerability of the Webhook component in the Kubernets Rancher cluster management software allows a hacker to increase their privileges.
The vulnerability of the Webhook component in Kubernets Rancher’s cluster management software is related to deficiencies in access control. Exploiting this vulnerability could allow a malicious actor to enhance their privileges remotely...
Rancher Privilege Escalation Vulnerability
In Rancher 1 and 2 through 2.2.3, unprivileged users if allowed to deploy nodes can gain admin access to the Rancher management plane because node driver options intentionally allow posting certain data to the cloud. The problem is that a user could choose to post a sensitive file such as...
RancherOS 1.6.x < 1.6.28 / 2.0.x < 2.0.15 / 2.1.x < 2.1.10 / 2.2.x < 2.2.4 Arbitrary File Read
In Rancher 1 and 2 through 2.2.3, unprivileged users if allowed to deploy nodes can gain admin access to the Rancher management plane because node driver options intentionally allow posting certain data to the cloud. The problem is that a user could choose to post a sensitive file such as...
Rancher Labs Rancher Privilege Permission and Access Control Issues Vulnerability (CNVD-2019-43042)
Rancher Labs Rancher is the United States Rancher Labs, Inc. of a set of open source enterprise-class container management platform. A vulnerability exists in Rancher Labs Rancher with privilege permission and access control issues. An attacker can exploit this vulnerability to gain administrator...