21 matches found
EUVD-2024-1950
Malicious code in bioql PyPI...
OPENSUSE-SU-2025:15569-1 rke2-1.33-1.33.5+rke2r1-1.1 on GA media
These are all security issues fixed in the rke2-1.33-1.33.5+rke2r1-1.1 package on the GA media of openSUSE Tumbleweed...
CVE-2024-22032
A vulnerability has been identified in which an RKE1 cluster keeps constantly reconciling when secrets encryption configuration is enabled. When reconciling, the Kube API secret values are written in plaintext on the AppliedSpec. Cluster owners, Cluster members, and Project members for projects...
CVE-2023-32191
When RKE provisions a cluster, it stores the cluster state in a configmap called full-cluster-state inside the kube-system namespace of the cluster itself. The information available in there allows non-admin users to escalate to admin...
CVE-2023-32191 rke's credentials are stored in the RKE1 Cluster state ConfigMap
When RKE provisions a cluster, it stores the cluster state in a configmap called full-cluster-state inside the kube-system namespace of the cluster itself. The information available in there allows non-admin users to escalate to admin...
CVE-2023-32191 rke's credentials are stored in the RKE1 Cluster state ConfigMap
When RKE provisions a cluster, it stores the cluster state in a configmap called full-cluster-state inside the kube-system namespace of the cluster itself. The information available in there allows non-admin users to escalate to admin...
Rancher Information Disclosure Vulnerability
Rancher is an open source container management platform from Rancher Open Source in the United States, built for organizations that deploy containers in production environments. Rancher suffers from an information disclosure vulnerability that stems from RKE1 encryption configurations being store...
GO-2024-2930 RKE credentials are stored in the RKE1 Cluster state ConfigMap in github.com/rancher/rke
When RKE provisions a cluster, it stores the cluster state in a configmap called "full-cluster-state" inside the "kube-system" namespace of the cluster itself. This cluster state object contains information used to set up the K8s cluster, which may include sensitive data...
Sensitive Information Disclosure
github.com/rancher/rke is vulnerable to Sensitive Information Disclosure. The vulnerability exists due to insecure cluster state storage in a publicly accessible configmap called full-cluster-state inside the kube-system namespace, which allows an attacker without administrative privileges to...
rke's credentials are stored in the RKE1 Cluster state ConfigMap
Impact: When RKE provisions a cluster, it stores the cluster state in a configmap called full-cluster-state inside the kube-system namespace of the cluster itself. This cluster state object contains information used to set up the K8s cluster, which may include the following sensitive data: -...
GHSA-6GR4-52W6-VMQX rke's credentials are stored in the RKE1 Cluster state ConfigMap
Impact: When RKE provisions a cluster, it stores the cluster state in a configmap called full-cluster-state inside the kube-system namespace of the cluster itself. This cluster state object contains information used to set up the K8s cluster, which may include the following sensitive data: -...
OPENSUSE-SU-2024:12031-1 rke-1.3.10-1.1 on GA media
These are all security issues fixed in the rke-1.3.10-1.1 package on the GA media of openSUSE Tumbleweed...
OPENSUSE-SU-2024:11726-1 rke-1.3.3-1.1 on GA media
These are all security issues fixed in the rke-1.3.3-1.1 package on the GA media of openSUSE Tumbleweed...
RKE2 Security Vulnerability
RKE2 is the next generation Kubernetes distribution for Rancher. A security vulnerability exists in SUSE RKE2 that stems from the presence of a resource allocation error issue. An attacker can exploit the vulnerability to access the apiserver/supervisor port of the K3s server, resulting in a deni...
Design/Logic Flaw
The Remote Keyless Entry RKE receiving unit on certain Nissan, Kia, and Hyundai vehicles through 2017 allows remote attackers to perform unlock operations and force a resynchronization after capturing two consecutive valid key fob signals over the radio, aka a RollBack attack. The attacker retain...
CVE-2022-37418
The CVE-2022-37418 issue concerns the Remote Keyless Entry (RKE) receiving unit used in Nissan, Kia, and Hyundai vehicles through 2017. The vulnerability arises when an attacker captures two consecutive valid key fob signals over the radio, enabling a RollBack replay attack that allows the attack...
CVE-2022-37305
Summary: CVE-2022-37305 affects Honda vehicles up to 2018 and concerns the Remote Keyless Entry (RKE) receiving unit. The root cause is a RollBack-like vulnerability where an attacker, after capturing five consecutive valid RKE signals transmitted over RF, can remotely unlock the vehicle and forc...
CVE-2022-36945
The CVE-2022-36945 entry concerns Mazda vehicles’ Remote Keyless Entry (RKE) receiving unit up to 2020. The root issue is a RollBack attack that, after three consecutive valid key-fob signals, allows a remote attacker to unlock and force resynchronization, with the attacker retaining unlock capab...
Man-in-the-middle (MITM)
github.com/rancher/rancher is vulnerable to man-in-the-middle attacks. A remote attacker is able to read and change network data because the network traffic in the cluster is sent unencrypted when it is created from an RKE template with the CNI value overridden...
CVE-2022-21951 Rancher: Weave CNI password is not set if RKE template is used with CNI value overridden
A Cleartext Transmission of Sensitive Information vulnerability in SUSE Rancher, Rancher allows attackers on the network to read and change network data due to missing encryption of data transmitted via the network when a cluster is created from an RKE template with the CNI value overridden. This...