Lucene search
K

11 matches found

OSV
OSV
added 2023/12/12 5:15 p.m.18 views

CVE-2020-10676

In Rancher 2.x before 2.6.13 and 2.7.x before 2.7.4, an incorrectly applied authorization check allows users who have certain access to a namespace to move that namespace to a different project...

8.8CVSS6.8AI score
Exploits0References4
Prion
Prion
added 2023/12/12 5:15 p.m.17 views

Authorization

In Rancher 2.x before 2.6.13 and 2.7.x before 2.7.4, an incorrectly applied authorization check allows users who have certain access to a namespace to move that namespace to a different project...

6.5CVSS7AI score0.01026EPSS
Exploits0References4Affected Software1
Cvelist
Cvelist
added 2023/12/12 12:0 a.m.36 views

CVE-2020-10676

In Rancher 2.x before 2.6.13 and 2.7.x before 2.7.4, an incorrectly applied authorization check allows users who have certain access to a namespace to move that namespace to a different project...

8.7AI score0.01026EPSS
Exploits0References4
Github Security Blog
Github Security Blog
added 2021/06/23 5:57 p.m.74 views

Access Control Bypass

An issue was discovered in Rancher 2 through 2.1.5. Any project member with access to the default namespace can mount the netes-default service account in a pod, and then use that pod to execute administrative privileged commands against the k8s cluster. This could be mitigated by isolating the...

9CVSS4.4AI score0.01799EPSS
Exploits0References6Affected Software1
OSV
OSV
added 2021/06/23 5:57 p.m.25 views

GHSA-9QQ2-XHMC-H9QR Access Control Bypass

An issue was discovered in Rancher 2 through 2.1.5. Any project member with access to the default namespace can mount the netes-default service account in a pod, and then use that pod to execute administrative privileged commands against the k8s cluster. This could be mitigated by isolating the...

4.2CVSS8.7AI score0.01799EPSS
Exploits0References6
OSV
OSV
added 2021/05/18 3:42 p.m.26 views

GO-2022-0755 Cross-site request forgery in github.com/rancher/rancher

Rancher 2 is vulnerable to a Cross-Site Websocket Hijacking attack that allows an exploiter to gain access to clusters managed by Rancher...

6.1CVSS6.2AI score0.01099EPSS
Exploits0References3
OSV
OSV
added 2019/09/04 2:15 p.m.21 views

CVE-2019-13209

Rancher 2 through 2.2.4 is vulnerable to a Cross-Site Websocket Hijacking attack that allows an exploiter to gain access to clusters managed by Rancher. The attack requires a victim to be logged into a Rancher server, and then to access a third-party site hosted by the exploiter. Once that is...

6.1CVSS7.2AI score0.01099EPSS
Exploits0References2
Cvelist
Cvelist
added 2019/09/04 1:40 p.m.21 views

CVE-2019-13209

Rancher 2 through 2.2.4 is vulnerable to a Cross-Site Websocket Hijacking attack that allows an exploiter to gain access to clusters managed by Rancher. The attack requires a victim to be logged into a Rancher server, and then to access a third-party site hosted by the exploiter. Once that is...

6.5AI score0.01099EPSS
Exploits0References2
NVD
NVD
added 2019/06/06 4:29 p.m.34 views

CVE-2019-12274

In Rancher 1 and 2 through 2.2.3, unprivileged users if allowed to deploy nodes can gain admin access to the Rancher management plane because node driver options intentionally allow posting certain data to the cloud. The problem is that a user could choose to post a sensitive file such as...

8.8CVSS8.7AI score0.01143EPSS
Exploits0References2
Prion
Prion
added 2019/04/10 2:29 p.m.24 views

Design/Logic Flaw

An issue was discovered in Rancher 2 through 2.1.5. Any project member with access to the default namespace can mount the netes-default service account in a pod, and then use that pod to execute administrative privileged commands against the k8s cluster. This could be mitigated by isolating the...

9CVSS8.7AI score0.01799EPSS
Exploits0References2Affected Software1
Cvelist
Cvelist
added 2019/04/10 1:59 p.m.33 views

CVE-2018-20321

An issue was discovered in Rancher 2 through 2.1.5. Any project member with access to the default namespace can mount the netes-default service account in a pod, and then use that pod to execute administrative privileged commands against the k8s cluster. This could be mitigated by isolating the...

8.8AI score0.01799EPSS
Exploits0References2
Rows per page
Query Builder