5 matches found
Privilege Escalation
github.com/rancher/rancher/ is vulnerable to Privilege Escalation. The vulnerability is due to the handling of "Impersonate-User" or "Impersonate-Group" headers, allowing malicious users to access unauthorized information...
GHSA-PVXJ-25M6-7VQR Rancher Privilege escalation vulnerability via malicious "Connection" header
A vulnerability was discovered in Rancher 2.0.0 through the aforementioned patched versions, where a malicious Rancher user could craft an API request directed at the proxy for the Kubernetes API of a managed cluster to gain access to information they do not have access to. This is done by passin...
SUSE CVE-2021-31999
A Reliance on Untrusted Inputs in a Security Decision vulnerability in Rancher allows users in the cluster to act as others users in the cluster by forging the "Impersonate-User" or "Impersonate-Group" headers. This issue affects: Rancher versions prior to 2.5.9. Rancher versions prior to 2.4.16...
Rancher Labs Rancher has an unspecified vulnerability
Rancher Labs Rancher is an open source, enterprise-class container management platform from Rancher Labs, Inc. A security vulnerability exists in Rancher Labs Rancher, which stems from a reliance on untrusted input in a security decision vulnerability in Rancher. An attacker could exploit the...
CVE-2021-31999 Rancher: Privilege escalation vulnerability via malicious Connection header
A Reliance on Untrusted Inputs in a Security Decision vulnerability in Rancher allows users in the cluster to act as others users in the cluster by forging the "Impersonate-User" or "Impersonate-Group" headers. This issue affects: Rancher versions prior to 2.5.9. Rancher versions prior to 2.4.16...