n8n is Vulnerable to Credential Theft via Name-Based Resolution and Permission Checker Bypass in Community Edition
Impact An authenticated user with the global:member role could exploit chained authorization flaws in n8n's credential pipeline to steal plaintext secrets from generic HTTP credentials (httpBasicAuth, httpHeaderAuth, httpQueryAuth) belonging to other users on the same instance. The attack abuses a...
Improper Authorization Enforcement
github.com/rancher/rancher is vulnerable to improper authorization enforcement. The vulnerability is due to improper revocation of permissions after removing a custom GlobalRole or its binding, which allows an attacker to retain unauthorized administrative access to clusters when the role contain...
GO-2025-4073 Rancher user retains access to clusters despite Global Role removal in github.com/rancher/rancher
Rancher user retains access to clusters despite Global Role removal in github.com/rancher/rancher...
CVE-2023-32199
A vulnerability has been identified within Rancher Manager, where after removing a custom GlobalRole that gives administrative access or the corresponding binding, the user still retains access to clusters. This only affects custom Global Roles that have a wildcard (*) in rule for resources or have a wildcard (*) on ru...
CVE-2023-32199 Rancher user retains access to clusters despite Global Role removal
A vulnerability has been identified within Rancher Manager, where after removing a custom GlobalRole that gives administrative access or the corresponding binding, the user still retains access to clusters. This only affects custom Global Roles that have a wildcard (*) in rule for resources or have a wildcard (*) on ru...
CVE-2023-32199
CVE-2023-32199 concerns Rancher Manager where removing a custom GlobalRole that grants administrative access or its binding leaves the user with cluster access. Affected are custom GlobalRoles with a wildcard (*) on resources or non-resource URLs, which can result in orphaned ClusterRoleBindings ...
Rancher security vulnerability
Rancher is an open source container management platform from Rancher Open Source in the United States, built for organizations deploying containers in production environments. A security vulnerability exists in Rancher that stems from a user retaining cluster access after removing a customized...
SUSE CVE-2023-32199
A vulnerability has been identified within Rancher Manager, where after removing a custom GlobalRole that gives administrative access or the corresponding binding, the user still retains access to clusters. This only affects custom Global Roles that have a wildcard (*) in rule for resources or have a wildcard (*) on ru...
GHSA-J4VR-PCMW-HX59 Rancher user retains access to clusters despite Global Role removal
Impact A vulnerability has been identified within Rancher Manager, where after removing a custom GlobalRole that gives administrative access or the corresponding binding, the user still retains access to clusters. This only affects custom Global Roles that: - Have a wildcard (*) in rule for resources - Hav...
PT-2025-43690
Name of the Vulnerable Software and Affected Versions Rancher versions prior to 2.12.3 Rancher versions prior to 2.11.7 Description A flaw exists in Rancher Manager where removing a custom GlobalRole granting administrative access, or its corresponding binding, does not revoke the user's access t...
EUVD-2020-28857
Malware in sbrugna...
CVE-2023-32194
A vulnerability has been identified when granting a create or wildcard (*) global role for a resource type of "namespaces"; no matter the API group, the subject will receive permissions for core namespaces. This can lead to someone being capable of accessing, creating, updating, or deleting a namespace in the...
SUSE CVE-2023-32194
A vulnerability has been identified when granting a create or wildcard (*) global role for a resource type of "namespaces"; no matter the API group, the subject will receive permissions for core namespaces. This can lead to someone being capable of accessing, creating, updating, or deleting a namespace in the...
Rancher permissions on 'namespaces' in any API group grants 'edit' permissions on namespaces in 'core'
Impact A vulnerability has been identified when granting a create or wildcard (*) global role for a resource type of "namespaces"; no matter the API group, the subject will receive permissions for core namespaces. This can lead to someone being capable of accessing, creating, updating, or deleting a namespace...
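The two Rancher authorization issues listed above share a practical triage step: read the role and binding objects back out of the clusters and look for the conditions the advisories name. The script below is an added example, not Rancher project code and not taken from any of the advisories. It covers the CVE-2023-32199 entries (custom GlobalRoles with a wildcard (*) in resources or non-resource URLs, and downstream ClusterRoleBindings whose Rancher user no longer holds any GlobalRoleBinding) and the CVE-2023-32194 entries (rules that grant the "namespaces" resource in a non-core API group). The object shapes follow the management.cattle.io/v3 GlobalRole and GlobalRoleBinding fields (rules, globalRoleName, userName) and standard ClusterRoleBindings as returned by kubectl -o json; all documents in the block are constructed samples, and the "u-" prefix used to recognise Rancher user IDs is an assumption.

```python
"""Added audit example (not Rancher code): flag the role/binding conditions
named for CVE-2023-32199 and CVE-2023-32194. All inputs below are constructed
samples in the shape of `kubectl get ... -o json` items, not captured output."""
from typing import Iterator, List, Set, Tuple

WILDCARD = "*"
CORE_API_GROUP = ""
RANCHER_USER_PREFIX = "u-"  # assumption: Rancher user IDs look like u-xxxxx

# Constructed sample GlobalRoles (management.cattle.io/v3).
GLOBAL_ROLES: List[dict] = [
    {"metadata": {"name": "custom-admin"},        # '*' in resources (32199 precondition)
     "rules": [{"apiGroups": ["*"], "resources": ["*"], "verbs": ["*"]}]},
    {"metadata": {"name": "metrics-reader"},      # '*' in nonResourceURLs (32199 precondition)
     "rules": [{"nonResourceURLs": ["/metrics", "*"], "verbs": ["get"]}]},
    {"metadata": {"name": "tenant-ns-creator"},   # namespaces in a non-core group (32194)
     "rules": [{"apiGroups": ["tenancy.example.com"], "resources": ["namespaces"],
                "verbs": ["create", "get"]}]},
    {"metadata": {"name": "core-ns-viewer"},      # core group, intended; not reported
     "rules": [{"apiGroups": [""], "resources": ["namespaces"], "verbs": ["get", "list"]}]},
]

# Constructed sample GlobalRoleBindings: bob is still bound, alice's binding was deleted.
GLOBAL_ROLE_BINDINGS: List[dict] = [
    {"metadata": {"name": "grb-bob"}, "globalRoleName": "metrics-reader", "userName": "u-bob"},
]

# Constructed sample ClusterRoleBindings read from a downstream cluster.
CLUSTER_ROLE_BINDINGS: List[dict] = [
    {"metadata": {"name": "crb-alice-custom-admin"},
     "roleRef": {"kind": "ClusterRole", "name": "cluster-admin"},
     "subjects": [{"kind": "User", "name": "u-alice"}]},
    {"metadata": {"name": "crb-bob-metrics"},
     "roleRef": {"kind": "ClusterRole", "name": "metrics-reader"},
     "subjects": [{"kind": "User", "name": "u-bob"}]},
    {"metadata": {"name": "system:kube-controller-manager"},
     "roleRef": {"kind": "ClusterRole", "name": "system:kube-controller-manager"},
     "subjects": [{"kind": "User", "name": "system:kube-controller-manager"}]},
]


def _rules(role: dict) -> Iterator[Tuple[str, dict]]:
    """Yield (role name, rule) pairs; tolerates roles with no rules."""
    name = role["metadata"]["name"]
    for rule in role.get("rules") or []:
        yield name, rule


def wildcard_global_roles(global_roles: List[dict]) -> Set[str]:
    """GlobalRoles with '*' in resources or nonResourceURLs of any rule."""
    risky: Set[str] = set()
    for role in global_roles:
        for name, rule in _rules(role):
            if WILDCARD in (rule.get("resources") or []) or WILDCARD in (rule.get("nonResourceURLs") or []):
                risky.add(name)
    return risky


def non_core_namespace_rules(roles: List[dict]) -> List[Tuple[str, tuple, tuple]]:
    """(role, apiGroups, verbs) for rules naming 'namespaces' outside the core group.
    Rules whose apiGroups already include "" or "*" reach core namespaces on purpose
    and are not reported; the verbs are returned so 'create' / '*' can be prioritised."""
    hits = []
    for role in roles:
        for name, rule in _rules(role):
            groups = rule.get("apiGroups") or []
            if "namespaces" not in (rule.get("resources") or []):
                continue
            if CORE_API_GROUP in groups or WILDCARD in groups:
                continue
            hits.append((name, tuple(groups), tuple(rule.get("verbs") or [])))
    return hits


def bound_users(global_role_bindings: List[dict]) -> Set[str]:
    """Users that still hold at least one GlobalRoleBinding."""
    return {b["userName"] for b in global_role_bindings if b.get("userName")}


def orphaned_cluster_role_bindings(cluster_role_bindings: List[dict],
                                   global_role_bindings: List[dict]) -> List[str]:
    """Downstream ClusterRoleBindings whose Rancher-user subject has no
    GlobalRoleBinding left on the management cluster (candidate orphans)."""
    active = bound_users(global_role_bindings)
    orphans = []
    for crb in cluster_role_bindings:
        for subj in crb.get("subjects") or []:
            name = subj.get("name", "")
            if subj.get("kind") == "User" and name.startswith(RANCHER_USER_PREFIX) and name not in active:
                orphans.append(crb["metadata"]["name"])
                break
    return orphans


if __name__ == "__main__":
    print("wildcard GlobalRoles:", sorted(wildcard_global_roles(GLOBAL_ROLES)))
    print("non-core namespaces rules:", non_core_namespace_rules(GLOBAL_ROLES))
    print("candidate orphaned CRBs:",
          orphaned_cluster_role_bindings(CLUSTER_ROLE_BINDINGS, GLOBAL_ROLE_BINDINGS))
```

Treat an "orphaned" hit as a lead, not proof: a Rancher user can legitimately hold downstream access through ClusterRoleTemplateBindings or ProjectRoleTemplateBindings without any GlobalRoleBinding, so those objects should be folded into the active-user set before anything is deleted. The wildcard and non-core "namespaces" findings are the preconditions the advisories describe; on the affected versions the remediation is the upgrade (the PT-2025-43690 entry above lists 2.12.3 and 2.11.7), followed by a re-run of the binding check to confirm that removed roles no longer leave bindings behind.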
Potential privilege escalation in Ops Manager API
Specially crafted API calls may allow an authenticated user who holds Organization Owner privilege to obtain an API key with Global Role privilege. This issue affects MongoDB Ops Manager v4.2 versions 4.2.0-4.2.17, v4.3 versions 4.3.0-4.3.9 and v4.4 versions 4.4.0-4.4.2...
CVE-2020-7927
Specially crafted API calls may allow an authenticated user who holds Organization Owner privilege to obtain an API key with Global Role privilege. This issue affects MongoDB Ops Manager v4.2 versions prior to and including 4.2.17, MongoDB Ops Manager v4.3 versions prior to and including 4.3.9 an...
CVE-2020-7927 Potential privilege escalation in Ops Manager API
Specially crafted API calls may allow an authenticated user who holds Organization Owner privilege to obtain an API key with Global Role privilege. This issue affects MongoDB Ops Manager v4.2 versions prior to and including 4.2.17, MongoDB Ops Manager v4.3 versions prior to and including 4.3.9 an...
PT-2020-19852 · Mongodb · Mongodb Ops Manager
Name of the Vulnerable Software and Affected Versions: MongoDB Ops Manager versions prior to and including 4.2.17 MongoDB Ops Manager versions prior to and including 4.3.9 MongoDB Ops Manager versions prior to and including 4.4.2 Description: Specially crafted API calls may allow an authenticated...