Lucene search
K

3 matches found

OSV
OSV
added 2026/07/01 8:45 p.m.3 views

GHSA-XR65-5CPM-G36X Rancher Fleet vulnerable to cross namespace secret disclosure via unvalidated `valuesFrom` references in Helm Deployer

Impact A vulnerability in Fleet for Rancher Manager affects multi-tenancy environments where different tenants share the same downstream clusters e.g., different privileged or untrusted teams inside the same organization. On unpatched versions, tenants could bypass restrictions to access any conf...

9.9CVSS5.8AI score0.00585EPSS
Exploits0References2
Github Security Blog
Github Security Blog
added 2023/01/25 7:36 p.m.44 views

Authenticated user can gain unauthorized shell pod and kubectl access in the local cluster

Impact An issue was discovered in Rancher where an authorization logic flaw allows an authenticated user on any downstream cluster to 1 open a shell pod in the Rancher local cluster and 2 have limited kubectl access to it. The expected behavior is that a user does not have such access in the...

8.8CVSS0.3AI score0.0047EPSS
Exploits0References4Affected Software1
Cvelist
Cvelist
added 2022/09/07 8:20 a.m.21 views

CVE-2022-31247 Rancher: Downstream cluster privilege escalation through cluster and project role template binding (CRTB/PRTB)

An Improper Authorization vulnerability in SUSE Rancher, allows any user who has permissions to create/edit cluster role template bindings or project role template bindings such as cluster-owner, manage cluster members, project-owner and manage project members to gain owner permission in another...

9.1CVSS9.5AI score0.00844EPSS
Exploits1References2
Rows per page
Query Builder