5 matches found

Veracode
added 2024/04/25 5:58 a.m., 18 views

Privilege Escalation

github.com/rancher/rancher/ is vulnerable to Privilege Escalation. The vulnerability is due to the handling of "Impersonate-User" or "Impersonate-Group" headers, allowing malicious users to access unauthorized information...

CVSS: 8.8, AI score: 8.6, EPSS: 0.01052
Exploits: 0, References: 5, Affected Software: 1

OSV
added 2024/04/24 9:1 p.m., 29 views

GHSA-PVXJ-25M6-7VQR Rancher Privilege escalation vulnerability via malicious "Connection" header

A vulnerability was discovered in Rancher 2.0.0 through the aforementioned patched versions, where a malicious Rancher user could craft an API request directed at the proxy for the Kubernetes API of a managed cluster to gain access to information they do not have access to. This is done by passin...

CVSS: 8.8, AI score: 8.7, EPSS: 0.01052
Exploits: 0, References: 4

SUSE CVE
added 2023/02/15 3:41 a.m., 4 views

SUSE CVE-2021-31999

A Reliance on Untrusted Inputs in a Security Decision vulnerability in Rancher allows users in the cluster to act as other users in the cluster by forging the "Impersonate-User" or "Impersonate-Group" headers. This issue affects: Rancher versions prior to 2.5.9. Rancher versions prior to 2.4.16...

CVSS: 8.8, AI score: 8.4, EPSS: 0.01052
Exploits: 0, References: 5

CNVD
added 2021/07/20 12:0 a.m., 20 views

Rancher Labs Rancher has an unspecified vulnerability

Rancher Labs Rancher is an open source, enterprise-class container management platform from Rancher Labs, Inc. A security vulnerability exists in Rancher Labs Rancher, which stems from a reliance on untrusted input in a security decision vulnerability in Rancher. An attacker could exploit the...

CVSS: 8.8, AI score: 1.7, EPSS: 0.01052
Exploits: 0, References: 1

Cvelist
added 2021/07/15 8:55 a.m., 29 views

CVE-2021-31999 Rancher: Privilege escalation vulnerability via malicious Connection header

A Reliance on Untrusted Inputs in a Security Decision vulnerability in Rancher allows users in the cluster to act as other users in the cluster by forging the "Impersonate-User" or "Impersonate-Group" headers. This issue affects: Rancher versions prior to 2.5.9. Rancher versions prior to 2.4.16...

CVSS: 8.8, AI score: 8.8, EPSS: 0.01052
Exploits: 0, References: 1