Lucene search
K

5 matches found

OSV
OSV
added 2024/11/20 6:23 p.m.13 views

GHSA-J5HQ-5JCR-XWX7 github.com/rancher/steve's users can issue watch commands for arbitrary resources

Impact A vulnerability has been discovered in Steve API Kubernetes API Translator in which users can watch resources they are not allowed to access, when they have at least some generic permissions on the type. For example, a user who can get a single secret in a single namespace can get all...

7.7CVSS7.3AI score0.0039EPSS
Exploits0References6
Github Security Blog
Github Security Blog
added 2024/10/25 7:39 p.m.16 views

RKE2 allows privilege escalation in Windows nodes due to Insecure Access Control Lists

Impact A vulnerability has been identified whereby RKE2 deployments in Windows nodes have weak Access Control Lists ACL, allowing BUILTIN\Users or NT AUTHORITY\Authenticated Users to view or edit sensitive files which could lead to privilege escalation. The affected files include binaries, script...

7.5CVSS6.1AI score0.00508EPSS
Exploits0References4Affected Software1
Github Security Blog
Github Security Blog
added 2024/02/08 6:46 p.m.42 views

Rancher API Server Cross-site Scripting Vulnerability

Impact A vulnerability has been identified in which unauthenticated cross-site scripting XSS in the API Server's public API endpoint can be exploited. This can lead to an attacker exploiting the vulnerability to trigger JavaScript code and execute commands remotely. The attack vector was identifi...

8.3CVSS6.1AI score0.00342EPSS
Exploits0References10Affected Software1
OSV
OSV
added 2024/02/08 6:43 p.m.19 views

GHSA-C85R-FWC7-45VC Rancher permissions on 'namespaces' in any API group grants 'edit' permissions on namespaces in 'core'

Impact A vulnerability has been identified when granting a create or global role for a resource type of "namespaces"; no matter the API group, the subject will receive permissions for core namespaces. This can lead to someone being capable of accessing, creating, updating, or deleting a namespace...

8.6CVSS6.8AI score0.00403EPSS
Exploits0References7
OSV
OSV
added 2023/01/25 7:36 p.m.39 views

GHSA-CQ4P-VP5Q-4522 Plaintext storage of sensitive data in Rancher API and cluster.management.cattle.io objects

Impact This issue affects Rancher versions from 2.5.0 up to and including 2.5.16, from 2.6.0 up to and including 2.6.9 and 2.7.0. It was discovered that the security advisory CVE-2021-36782 GHSA-g7j7-h4q8-8w2f, previously released by Rancher, missed addressing some sensitive fields, secret tokens...

8.8CVSS9.2AI score0.00553EPSS
Exploits1References4
Rows per page
Query Builder