CVE-2021-36776
CVE-2021-36776: Affects SUSE Rancher up to 2.5.9; Improper Access Control via the Steve API proxy allows an authenticated user to impersonate any user on a cluster by not dropping the impersonation header before forwarding to the Kubernetes API. This results in potentially administrator-level acc...