Privilege Escalation

github.com/rancher/rancher vulnerable to Privilege Escalation. The vulnerability is due to improper restrictions in node driver options, allowing unprivileged users to deploy nodes and post sensitive files such as /root/.kube/config or /var/lib/rancher/management-state/cred/kubeconfig-system.yaml...

Rancher Privilege Escalation Vulnerability

In Rancher 1 and 2 through 2.2.3, unprivileged users if allowed to deploy nodes can gain admin access to the Rancher management plane because node driver options intentionally allow posting certain data to the cloud. The problem is that a user could choose to post a sensitive file such as...

RancherOS 1.6.x < 1.6.28 / 2.0.x < 2.0.15 / 2.1.x < 2.1.10 / 2.2.x < 2.2.4 Arbitrary File Read

In Rancher 1 and 2 through 2.2.3, unprivileged users if allowed to deploy nodes can gain admin access to the Rancher management plane because node driver options intentionally allow posting certain data to the cloud. The problem is that a user could choose to post a sensitive file such as...

CVE-2019-12274

In Rancher 1 and 2 through 2.2.3, unprivileged users if allowed to deploy nodes can gain admin access to the Rancher management plane because node driver options intentionally allow posting certain data to the cloud. The problem is that a user could choose to post a sensitive file such as...

Code injection

In Rancher 1 and 2 through 2.2.3, unprivileged users if allowed to deploy nodes can gain admin access to the Rancher management plane because node driver options intentionally allow posting certain data to the cloud. The problem is that a user could choose to post a sensitive file such as...