12 matches found
EUVD-2023-0463
Malicious code in bioql PyPI...
SUSE CVE-2022-21953
A Missing Authorization vulnerability in of SUSE Rancher allows authenticated user to create an unauthorized shell pod and kubectl access in the local cluster This issue affects: SUSE Rancher Rancher versions prior to 2.5.17; Rancher versions prior to 2.6.10; Rancher versions prior to 2.7.1...
CVE-2022-21953
A Missing Authorization vulnerability in of SUSE Rancher allows authenticated user to create an unauthorized shell pod and kubectl access in the local cluster This issue affects: SUSE Rancher Rancher versions prior to 2.5.17; Rancher versions prior to 2.6.10; Rancher versions prior to 2.7.1...
CVE-2022-21953
A Missing Authorization vulnerability in of SUSE Rancher allows authenticated user to create an unauthorized shell pod and kubectl access in the local cluster This issue affects: SUSE Rancher Rancher versions prior to 2.5.17; Rancher versions prior to 2.6.10; Rancher versions prior to 2.7.1...
Authorization
A Missing Authorization vulnerability in of SUSE Rancher allows authenticated user to create an unauthorized shell pod and kubectl access in the local cluster This issue affects: SUSE Rancher Rancher versions prior to 2.5.17; Rancher versions prior to 2.6.10; Rancher versions prior to 2.7.1...
CVE-2022-21953 Authenticated user can gain unauthorized shell pod and kubectl access in the local cluster
A Missing Authorization vulnerability in of SUSE Rancher allows authenticated user to create an unauthorized shell pod and kubectl access in the local cluster This issue affects: SUSE Rancher Rancher versions prior to 2.5.17; Rancher versions prior to 2.6.10; Rancher versions prior to 2.7.1...
CVE-2022-21953 Authenticated user can gain unauthorized shell pod and kubectl access in the local cluster
A Missing Authorization vulnerability in of SUSE Rancher allows authenticated user to create an unauthorized shell pod and kubectl access in the local cluster This issue affects: SUSE Rancher Rancher versions prior to 2.5.17; Rancher versions prior to 2.6.10; Rancher versions prior to 2.7.1...
CVE-2022-21953
CVE-2022-21953 describes a Missing Authorization vulnerability in SUSE Rancher that lets an authenticated user create an unauthorized shell pod and obtain kubectl access in the local cluster. Affected are Rancher releases prior to 2.5.17, prior to 2.6.10, and prior to 2.7.1. SUSE reports patches ...
Improper Access Control
github.com/rancher/rancher is vulnerable to Improper Access Control. The vulnerability exists in proxy.go where an authorization logic flaw allows an authenticated attacker on any downstream cluster to open a shell pod in the Rancher local cluster or have limited kubectl access to the pod...
GHSA-G25R-GVQ3-WRQ7 Authenticated user can gain unauthorized shell pod and kubectl access in the local cluster
Impact An issue was discovered in Rancher where an authorization logic flaw allows an authenticated user on any downstream cluster to 1 open a shell pod in the Rancher local cluster and 2 have limited kubectl access to it. The expected behavior is that a user does not have such access in the...
Authenticated user can gain unauthorized shell pod and kubectl access in the local cluster
Impact An issue was discovered in Rancher where an authorization logic flaw allows an authenticated user on any downstream cluster to 1 open a shell pod in the Rancher local cluster and 2 have limited kubectl access to it. The expected behavior is that a user does not have such access in the...
PT-2023-12676 · Suse · Suse Rancher
Name of the Vulnerable Software and Affected Versions: SUSE Rancher versions prior to 2.5.17 SUSE Rancher versions prior to 2.6.10 SUSE Rancher versions prior to 2.7.1 Description: A Missing Authorization vulnerability in SUSE Rancher allows an authenticated user to create an unauthorized shell p...